Internal Audit Analyst
- Cachematrix simplifies cash management for leading banks and their corporate clients.
- Cachematrix is a premium Software as a Service (SaaS) firm that powers liquidity solutions for many of the world's largest financial institutions.
- Cachematrix is an independent company founded in 2003, built and owned by its employees who have focused their careers on fintech.
- Cachematrix seeks a resource who will follow industry best practices and ensure internal processes meet the high standards of our financial services customers.
- Ensuring authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests; documenting processes for user management; recommending improvements.
- Monitoring ongoing review of logs for potential security issues and records retention requirements including logs for firewalls, remote access, F5, active directory, application logs, SQL, building access, IDS, DLP, etc.
- Staying aware of industry trends in security awareness and subscribing to vulnerability services identifying patches and remediation needs of the firm; tracking and monitoring of any open security issues/bugs.
- Organizing, documenting and archiving all related monitoring and security reporting functions per internal and external auditing requirements.
- Auditing and validating installation standards are in compliance.
- Monitoring computing environment security by applying standards, policies, and procedures; coordinating with impacted areas; recommending improvements.
- Documenting individual client security and testing requirements as contractually needed; closing any gaps; recommending improvements.
- Ensuring monitoring of URL filtering and DLP processes; monitoring of IDS events.
- Documenting network security architecture; recommending improvements.
- Validating regular backups are occurring according to documented requirements.
- Develop, implement and maintain security policies and procedures that align with organization's contractual, regulatory, and internal requirements.
- Continue development of information security program against known standards (NIST 800-53, ISO 27001, etc.)
- Build on the internal audit framework to verify the implementation of the information security program's stated standards.
- Use risk assessment methodology to uncover risks and develop security requirements. When necessary, communicate/escalate risks to the risk committee and/or executive team for guidance and approval.
- Respond to customer-based due diligence and security questionnaires regarding questions about the organization’s information security program. Identify gaps and work with internal stakeholders to fill when necessary.
- Participate in customer-based and third-party on-site audits and assessments.
- Ensure that third party (vendor) information security risks are identified, assessed and treated throughout their relationship through a continuous vendor risk management program.
- Maintain an awareness of common standards, laws, and regulations including those in the areas of security and privacy, especially as they pertain to the financial industry.
- Enhance security awareness by providing orientation, educational programs, and ongoing training/communication.
- Collaborate with internal stakeholders to ensure that organization's internal, customer-facing, and audit requirements are proactively being met. These include, but are not limited to:
- Business continuity and disaster recovery planning and exercises;
- Change control processes;
- Security incident response preparation and exercises;
- Role-based security awareness training ;
- Capacity and performance reporting
Knowledge, Skills & Abilities:
- Experience with SWIFT preferred
- Knowledge of standards such as NIST, ISO and SSAE
- Ability to collaborate with all departments in the company and deliver constructive feedback
- Ability to think critically about processes, risks and vulnerabilities
- At least three years’ experience as a security analyst or internal auditor preferred.
Minimum Education, Training and Certifications:
- A Bachelor’s degree in information technology or similar analytical field is preferred.
Working Environment/Physical Activities:
- PC usage up to 100% of the time.
- Basic office equipment such as telephone, copier, and fax machines, etc.
- May be required to work in excess of 40 hours per week and may include weekend/evening/holiday hours.
Send a brief message with your resume attached to our awesome HR department!
This job description supersedes all prior job descriptions and is intended to describe the general content and essential requirements for the position listed above. It is not to be construed as an exhaustive statement of requirements, duties, and responsibilities. Management reserves the right to add or change the duties of this position as required at any time. Cachematrix Holdings LLC is an Equal Opportunity Employer.