IT/Security Audit Specialist

  • Coinbase
  • San Francisco, CA, USA
  • Jan 10, 2018

Job Description


Reporting to the Head of Internal Audit, the IT/Security Audit Specialist will identify relevant risks & controls related to IT and cybersecurity. They will help implement and execute a consistent risk analysis framework, test business-level validation of control effectiveness, and assist in the auditing and reporting of cybersecurity and data privacy compliance.
Duties and Responsibilities:
  • Assist Internal Audit in implementing the Enterprise Risk Management program, particularly as it applies to cybersecurity & data privacy.
  • Participate in regular audits, which include risk assessment review, audit scoping, identifying and testing processes/controls, and reviewing specific recommendations related to cybersecurity & data privacy regulatory & compliance programs and initiatives.
  • Recognize, understand, and analyze root causes, patterns, or trends that could result in risk to cybersecurity & data privacy and the organization. Identify and implement corrective action where appropriate, consistent with ERM objectives.
  • Ensure that Coinbase maintains adequate risk controls to facilitate compliance with laws and regulations related to cryptocurrencies and security infrastructure.
  • Support business lines for implementation, risk analysis, and testing of new products and services, providing an internal control perspective to identify control gaps and recommendations for improvement.
Skills/Knowledge/Experience
  • 4+ combined years of experience in risk management, audit, and/or penetration testing.
  • Excellent communication skills, interpersonal skills, and analytical skills.
  • Ability to multi-task in a rapidly changing environment.
  • Demonstrated ability to work independently and execute effectively.
  • Strong project management skills -- organized, logical, methodical, strong attention to detail.
  • Passion for data security.
  • Extensive knowledge of cybersecurity and data privacy regulations (e.g., PCI, GLBA, SOC, ISO27001, GDPR).