Ten-X is changing real estate as we know it. Already the world’s largest online real estate marketplace, we have facilitated $37B in transactions since 2007 and we’re just getting started. The company’s vision is to transform the way real estate is bought and sold by providing a more efficient and transparent process, using technology and best-in-class marketing to maximize the value of real estate assets in the sales process.
The IT Senior Auditor will assist with planning, organizing, and implementing GRC efforts pertaining to IT Security, Disaster Recovery, and Audit functions related to all company Information Systems. Ensures that facilities, data systems and databases are protected according to recognized Industry Standards and in conformance with Bank Client contractual requirements, including regulatory standards where applicable. Responsible for assisting the INFOSEC Department, and IT Engineering in general, in applying sound Information Assurance practices for reliable audit metrics pertaining to IDS/IPS, WAF/WAN/LAN Firewalls, Systems and Network Administration and Software Engineering security best practices within the SDLC.
- Coordinates with the various Engineering Teams gathering essential systems reports to be used to establish metrics for INFOSEC department review and evidence for audits.
- Works alongside INFOSEC personnel evaluating metrics regarding the effectiveness and efficiency of existing security control measures, in order to provide the appropriate assurance results for audits.
- Performs auditing and monitoring analysis of policies, systems, and procedures to verify compliance with established security policies, notifying appropriate individuals of observed violations.
- Identifies gaps in protection and compliance, recommending solutions to remediate or mitigate the risks associated with the protection gaps.
- Works with staff at all levels in the organization, vendors and contractors to ensure protections are effective, efficient and non-disruptive to the appropriate duties, rights and mission of the individuals within the various business organization(s).
- Assists with documentation regarding all inquiries related to alleged security breaches as well as maintaining internal in-scope policies and procedures and evidence preparation for audit questionnaires.
- Assists and advises staff regarding department appropriate security and disaster recovery procedures.
- May assist with maintaining training and awareness programs to ensure data owners, custodians and users are aware of their responsibilities.
- May make written and oral presentations on security issues.
- Bachelor’s degree in Computer Science, Information Systems or related field; or equivalent experience.
- Minimum six years’ Information Security & Audit experience within a business computing environment; Banking/Financial or Real Estate environment helpful.
- Excellent communication, interpersonal and project management skills.
- Experience with all or most of the following information security technologies:
  - Active Directory
  - Intrusion detection/prevention systems (IDS/IPS)
  - Web filtering
  - Vulnerability scanners
  - Encryption technologies for data at rest and data in transit
  - Mobile device and removable media protection or management systems
  - Forensic analysis
  - Security Information and Event Management (SIEM) systems
  - Common Vulnerabilities and Exposures (CVE) databases
  - Network Access Control
- Familiarity with the following IS principles:
  - Data center environmental and physical security controls;
  - IT operations, including service availability management, system monitoring and batch processing;
  - Change, problem & incident management;
- Familiarity with risk assessment and risk management concepts or processes.
- Experience with: networking and network security, database principles, security architectures.
- Working knowledge of various regulatory and standards body security requirements – particularly:
  - GLBA, NIST, ISO 27001/27002, SOC (SSAE 16).
- Ability to work independently, relying on experience and judgment to plan for and accomplish goals.
- Thorough knowledge of IT security principles and practices and the ability to evaluate the effectiveness and efficiency of existing security control measures.
Currently hold one of the following certifications: CISA, GIAC, or CRISC, required. Additional CISM or CISSP preferred, but not required.