Info Security Analyst ( Cloud Auditor)
ICF (NASDAQ:ICFI) is a global consulting services company with over 7,000 full- and part-time employees, but we are not your typical consultants. At ICF, business analysts and policy specialists work together with digital strategists, data scientists and creatives. We combine unmatched industry expertise with cutting-edge engagement capabilities to help organizations solve their most complex challenges. Since 1969, public and private sector clients have worked with ICF to navigate change and shape the future. Learn more at icf.com.
ICF Next, Inc. (“ICF NEXT”) is a global marketing company. We provide marketing and communications capabilities to our customers. Over the years, our company has built and integrated a set of best-in-class marketing and communications through different agencies and consultancies. ICF NEXT brings organizations closer to the people they serve. Our focus in on the insights, creativity and technology that improve the interaction with clients and motivates meaningful action.
With a passion for marketing and communication, ICF NEXT knows when and how to accelerate the adoption of technologies and techniques that bring you closer to your customer. As voice search, artificial intelligence, and virtual and augmented reality are disrupting nearly every industry, we help organizations to stay one step ahead by orchestrating the conversations and collaborations that produce innovation. With over 1,700 staff members and more than 15 global offices, we are a global strategic partner for engagement and transformation. For more information about our company, visit www.icf.com/next.
Conducts assessments of the current state of security controls of various internal cloud-based web applications. Organizes findings from interviews and technical assessments into a central repository. Coordinates with project teams to clarify questionnaire responses to ensure consistent visibility into project state. Assess exsiting documentation for already-defined controls or artifacts. Interprets submitted artifacts from various project groups for appropriate content and clarity. Analyse findings and produce reports and for IT leadership. Helps design and manage the collection and organization of findings.
- Develop a strong understanding of business and system processes.
- Conduct efficient and effective ongoing IT audit procedures.
- Organize and schedule assessment schedules with teams
- Evaluate the design and operational effectiveness of IT controls
- Risk assessments of technical environments
- Determine risk exposure within and across projects
- Work with a diverse array of people and technologies
- Reporting and Documentation of findings
- Identify and assess existing technical project details
- Discuss technical issues in simplified terms to the relevant staff.
- Provide recommendations and guidance on identified security and control risks.
- Organize and manage the GRC program
Qualifications and Experience
- Strong interpersonal skills
- Excellent written and verbal English
- Experience organizing and executing large-scale projects
- Previous experience working with NIST or ISO security frameworks is preferred
- Previous experience with regulatory requirements (SOX, PCI, NERC, etc.)
- Preferred Certified Information Systems Auditor (CISA)
- 2 years experience as an IT Auditor, Business Analyst or Project Manager
- Familiarity with common IT audit methodologies.
- Strong attention to detail with an analytical mind and outstanding problem-solving skills.
- Basic understanding of web application components (app, database, etc.)
Learning to use professional concepts. Applies company policies and procedures to resolve routine problems. Develops competence by performing structured assignments.
Works on problems of limited scope. Follows standard practices and procedures in analyzing situations or data from which answers can be readily obtained. Builds stable working relationships internally.
Work is closely managed. Normally receives detailed instructions on all work.
Regularly interacts with functional peers within the immediate organization. Interaction normally involves exchange or presentation of factual information. Extensive interaction with external contacts.
No managerial responsibility. – Exempt Non-Manager
Leaders to fill out summary for each level
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF—together for tomorrow.
Bangalore, India (II76)