We are seeking a Risk and Compliance Analyst to add to the hawkeye team in our Charlotte, NC office.

Responsibilities:

The Risk and Compliance Analyst is responsible for completing risk assessment audits to verify compliance with international, federal and industry standards as well as the organization's security policies and procedures through internal and external engagements.

Under direction, the Analyst will execute compliance testing, controls assessment and documentation for external vendors using the FISAP SIG and AUP as well as other compliance requirements such as PCI or Safe Harbor as needed. The Analyst will also monitor compliance with information security policies and standards by conducting internal data privacy assessments, control reviews, risk assessments and document IT control inefficiencies and weaknesses based on business risk. He/She is also expected to maintain a current knowledge of IT-related regulatory compliance requirements and standards.

• Conduct information technology audits at all hawkeye vendor facilities
• Participate in all client-driven information technology audits
• Conduct internal and external information technology audits in accordance with audit program methodology
• Document IT control inefficiencies and weaknesses based on business risk
• Evaluate audit observations and draft recommendations to improve policies, procedures, efficiency and controls
• Retest open audit issues from previous audits requiring follow-up
• Participate in the design and implementation of new security controls
• Assist in other aspects of risk-based and standards-based audit processes
• Work closely with management to achieve team and department goals

Qualifications:

The ideal candidate will have a solid technical or security background and 2 years of field audit experience.

• Strong attention to detail
• Self starter, highly motivated
• Excellent oral and written communication skills
• Demonstrated analytical and problem solving skills
• Basic project management skills
• Understanding of network/application /OS architectures, best practices and concepts (LAN/WAN, Windows, Active Directory, UNIX, Mainframe/RACF)
• Understanding of change management, risk assessment and industry security standards methodology
• Understanding of compliance requirements related to the following regulations and industry standards: ISO27001, PCI, FISAP, Safe Harbor, etc
• Working knowledge of .NET application architecture
• Working knowledge of SQL databases and related security methodology
• 1 - 3 years of audit or technical experience in two of the following areas: IT auditing, system administration, database administration, application administration, security systems software, or programming
• Bachelors Degree; experience may be substituted for educational requirements (4 years minimum)
• 30% travel required
• Security certifications are a plus
• Mac/Unix and Apache/Oracle experience a plus