Address
Form of work
SalaryRESPONSIBILITIES:
Assist the Information Security department in providing for the safekeeping and integrity of company information assets by maintaining systems and controls that prevent unauthorized access, modification, disclosure, and/or deletion of information from computer networks and resources. Serve as a security technical analyst and advisor on projects to evaluate new technology resources for program compliance by effectively testing solutions using industry standard evaluation criteria, which includes the delivery of formal papers and technical reports on test results and findings. Provide security engineering research and analysis in a liaison capacity to the various Technology Groups and Architecture functions. Directly interface with business line technical experts and information security members to provide guidance on authorization, authentication and encryption solutions. Consult with business units regarding their changing business and technical plans to ensure that information security issues are addressed early in the project life cycle. Advise the district Information Security manager of changes in technical, legal and regulatory arenas affecting information security and computer crime.
Job Description:
The Client Technology Risk and Compliance division is looking for a Quality Assurance (QA) Analyst for testing Information Technology and Information Security control design and operational effectiveness.
Responsibilities:
- Create test scripts with attributes and test steps providing strong coverage of validation activities for Cloud, Cyber Security and Information Technology general controls
- Perform control testing through observation or collection and analysis of evidence of control performance
- Assess control language and business line procedures to ensure alignment
- Lead process inquiries, walkthroughs and procedure reviews to support the development of QA test work papers
- Collaborate with Control Owners, Risk Analysts and subject matter experts to define evidence, populations, and discuss results of testing
- Validate populations of desired activity for accuracy and completeness
- Select test samples based on internal program methodology and document rationale for adequate coverage
- Lead test result discussions with business line management and risk partners related to identified exceptions, criteria used to define expected results, and actions needed/recommended
- Perform peer reviews of completed testing
- Document testing results in Archer
- Present automation process improvement proposals to reduce risk of control failure and/or drive process efficiencies
Preferred Skills/Experience:
- Experience in technology audit, information security engineering, IT governance risk and compliance or related areas
- Strong understanding of cybersecurity processes and concepts (e.g. vulnerability management, security governance, software development, incident response, physical security, auditing and logging, micro segmentation, secure access service edges, zero trust architecture, PKI, penetration testing) as well as application controls
- Experience in auditing, compliance, and/or risk management with cloud operations, network, infrastructure, and security related to Azure and AWS
- Relevant professional certifications such as CISA, CISSP, etc.
- Experience in auditing, compliance, and/or risk management with Data Privacy laws, rules and regulations such as GLBA, GDPR, SOX and PCI
- Knowledge and experience with professional standards including NIST Cybersecurity Framework, CCM and COBIT
- Proficient computer navigation skills using a variety of software packages, including Microsoft Office applications and word processing, spreadsheets, and presentations
- Strong analytical, problem-solving and negotiation skills
- Excellent presentation, interpersonal, written, and verbal communication skills
- Excellent project management and time management skills
- Must possess business acumen, credibility and critical thinking to lead challenging conversations and drive out efficiencies
Job Type: Contract
Salary: $40.00 - $45.00 per hour
Benefits:
- 401(k)
- Dental insurance
- Health insurance
Experience level:
- 6 years
Schedule:
- 8 hour shift
Education:
- Bachelor's (Preferred)
Experience:
- Quality assurance: 6 years (Preferred)
- Cybersecurity: 6 years (Preferred)
- vulnerability management: 6 years (Preferred)
- risk and compliance: 6 years (Required)
- technology auditing: 6 years (Required)
Location:
- Minneapolis, MN 55401 (Required)
Security clearance:
- Confidential (Preferred)
Ability to Commute:
- Minneapolis, MN 55401 (Preferred)
Ability to Relocate:
- Minneapolis, MN 55401: Relocate before starting work (Preferred)
Work Location: In person
