Senior Information Security Auditor

About Supermicro:

Supermicro® is a Top Tier provider of advanced server, storage, and networking solutions for Data Center, Cloud Computing, Enterprise IT, Hadoop/ Big Data, Hyperscale, HPC and IoT/Embedded customers worldwide. We are the #5 fastest growing company among the Silicon Valley Top 50 technology firms. Our unprecedented global expansion has provided us with the opportunity to offer a large number of new positions to the technology community. We seek talented, passionate, and committed engineers, technologists, and business leaders to join us.

Essential Duties and Responsibilities:

1. Analyze systems, security controls, and event logs to detect the nefarious activity of the company. Provide regular reports to the team on security incidents, risks, and the overall effectiveness of security measures.
2. Audit the company’s security controls to ensure they work correctly; Plan, document, and conduct complex audit assignments and projects.
3. Audit access throughout systems/applications and ensure access is at appropriate levels of the company.
4. Collaborate with/across teams and architects to ensure security landing.
5. Work with multiple stakeholders (internal and external) to assess and identify security compliance gaps and propose technical and operational remediation solutions.
6. Contribute to the annual risk assessment and development of the audit plan for assigned businesses or corporate staff groups.
7. Develop skills for ISO committee members across teams. Conduct audit fieldwork by department and company standards.
8. Provide consulting services to internal terms including all unit leaders and members.

Qualifications:

• BA/BS degree in MIS, Information Technology/Engineering, or a related field; or the equivalent in education and work experience.
• Certifications preferred including (e.g., ISO27001 LA, CISA, CISSP, CPA);
• Minimum 4-5 years’ experience working as an IT auditor or IT risk adviser for a public accounting firm or within the industry.
• 5-6+ years of Information Technology and/or IT audit experience.
• Ability to communicate effectively to technical and non-technical audiences, in both written and verbal formats.
• Knowledge and experience in performing audits of technology projects and programs (SDLC reviews);
• Experience auditing and evaluating infrastructure, cybersecurity risks/controls, and auditing operating systems.
• Prior experience focusing on information technology systems.
• Must be effective at communicating issues through written reports, verbal discussions, and presentations.
• Preparing written reports of completed audits and presenting results to Management.
• Working knowledge of internal control analyses and risk assessment methodologies.
• Strong organizational, communication, and interpersonal skills to work with all levels of management are required.
• Ability to work a flexible schedule during key business timelines.