1,907 Cybersecurity Audit jobs in the United States

HYBRID: ON-SITE TWO DAYS PER WEEK.
POSITION AVAILABLE FOR EXTENSIONS BASED ON PROJECT AND BUDGET APPROVAL.

The Georgia Department of Community Health (DCH) seeks a dedicated and skilled Cybersecurity Audit Manager to lead its cybersecurity auditing and compliance initiatives. This position is pivotal in ensuring DCH's compliance with federal and state regulations, protecting sensitive information, and managing cybersecurity risks. The Cybersecurity Audit Manager will be key in safeguarding DCH's IT infrastructure and assets while enhancing overall security practices.

The successful candidate will be responsible for:

-Cybersecurity Risk Management: Identifying and mitigating risks to DCH's information systems and assets.

-Policy Development and Enforcement: Establishing and enforcing security policies, standards, and procedures.

-Auditing and Compliance: Conducting regular audits and assessments to ensure compliance with industry regulations and legal standards.

-Vendor Risk Management: Assessing and managing third-party risks related to cybersecurity.

-Continuous Improvement: Enhancing the cybersecurity program in response to emerging threats and evolving best practices.

Qualifications:

In-depth knowledge of federal and state security regulations, including HIPAA and NIST frameworks.

At least five years of experience in cybersecurity auditing, with a preference for healthcare or government environments.

Minimum of one year of management experience.

Education:

Bachelor's degree from an accredited institution.

This role offers the opportunity to drive meaningful change in protecting critical health information systems while contributing to DCH's mission of improving the health and wellness of millions of Georgians.

• Cybersecurity Risk Management: Identifying and mitigating risks to Client's information systems and assets.
• Policy Development and Enforcement: Establishing and enforcing security policies, standards, and procedures.
• Auditing and Compliance: Conducting regular audits and assessments to ensure compliance with industry regulations and legal standards.
• Vendor Risk Management: Assessing and managing third-party risks related to cybersecurity.
• Continuous Improvement: Enhancing the cybersecurity program in response to emerging threats and evolving best practices.

• In-depth knowledge of federal and state security regulations, including HIP nd NIST frameworks.
• At least five years of experience in cybersecurity auditing, with a preference for healthcare or government environments.
• Minimum of one year of management experience.

• Bachelor's degree from an accredited institution.
• This role offers the opportunity to drive meaningful change in protecting critical health information systems while contributing to DCH's mission of improving the health and wellness of millions of Georgians.

• Skill Required Amount of Experience Experience Experience in cybersecurity auditing, with a focus on healthcare or government environments Required 5 Years Management experience.
• Required 1 Years Bachelor's degree from an accredited college or university Required Thorough understanding of federal and state computer security and privacy laws, regulations, standards, and Controls Required Thorough understanding of HIPAA Final Security Rule, the National Institute of Standards and Technology (NIST) Required Thorough understanding of Special Publications (including 800-53 Moderate-Impact-Baseline) Required Experience with HITRUST software Required Experience with AWS Required

About the job IT Manager 2/Cybersecurity Audit Manager

Interview Type : Either Web Cam or In Person

Work Arrangement : Hybrid

Engagement Type : Contract

Short Description :

The Georgia Department of Community Health (DCH) seeks an experienced Cybersecurity Audit Manager to oversee and enhance cybersecurity compliance efforts, ensuring the security of DCH's information systems, data, and processes.

Complete Description :

HYBRID: ON-SITE TWO DAYS PER WEEK.

POSITION AVAILABLE FOR EXTENSIONS BASED ON PROJECT AND BUDGET APPROVAL.

The Georgia Department of Community Health (DCH) seeks a dedicated and skilled Cybersecurity Audit Manager to lead its cybersecurity auditing and compliance initiatives. This position is pivotal in ensuring DCH's compliance with federal and state regulations, protecting sensitive information, and managing cybersecurity risks. The Cybersecurity Audit Manager will be key in safeguarding DCH's IT infrastructure and assets while enhancing overall security practices.

The successful candidate will be responsible for:

-Cybersecurity Risk Management: Identifying and mitigating risks to DCH's information systems and assets.

-Policy Development and Enforcement: Establishing and enforcing security policies, standards, and procedures.

-Auditing and Compliance: Conducting regular audits and assessments to ensure compliance with industry regulations and legal standards.

-Vendor Risk Management: Assessing and managing third-party risks related to cybersecurity.

-Continuous Improvement: Enhancing the cybersecurity program in response to emerging threats and evolving best practices.

Qualifications:

In-depth knowledge of federal and state security regulations, including HIPAA and NIST frameworks.

At least five years of experience in cybersecurity auditing, with a preference for healthcare or government environments.

Minimum of one year of management experience.

Education:

Bachelor's degree from an accredited institution.

This role offers the opportunity to drive meaningful change in protecting critical health information systems while contributing to DCH's mission of improving the health and wellness of millions of Georgians.

• Lead and manage a global cybersecurity audit team, including driving the cybersecurity audit strategy and risk monitoring program.
• Drive the execution of global Information Security audit programs, ensuring comprehensive coverage and adherence to best practices.
• Oversee IT incident validations and provide critical support for group-wide IT certifications.
• Collaborate effectively with functional and regional portfolio leads to provide expert IT security controls testing support for integrated audits.
• Develop and implement advanced audit methodologies tailored to the unique complexities of blockchain technology, crypto exchanges, and decentralized systems.
• Provide strategic guidance and insights on emerging cybersecurity risks and controls in the cryptocurrency space to senior leadership.

• Prior Experience Leading Cybersecurity Audit Teams in the Crypto Exchange/Crypto Product Space is Essential.
• Strong Critical Thinking and Problem-Solving Skills: Capacity to analyze complex, often novel, technical and control environments unique to crypto, identify intricate root causes of issues, and propose effective, context-specific solutions.
• Fundamental Understanding of Blockchain Technology: Basic knowledge of distributed ledger technologies, consensus mechanisms (e.g., PoW, PoS), cryptography (hashing, public-key), and the lifecycle of a cryptocurrency transaction.
• Data Analytics/SQL for Deep Security Analysis: Proficiency in querying and analyzing large volumes of security logs, blockchain transaction data, wallet addresses, vulnerability scan outputs, penetration test results, and threat intelligence feeds to identify sophisticated attack patterns, anomalies, and potential illicit activities unique to crypto.
• Security Auditing and Compliance: Deep understanding of common cybersecurity frameworks (e.g., NIST CSF, ISO 27001) applied within the unique risk context of a crypto exchange. Ability to assess compliance with emerging crypto-specific security standards and regulatory guidance.
• Vulnerability Assessment & Penetration Testing (VAPT) Interpretation & Oversight for Crypto Assets: Ability to plan, scope, interpret, and assess the remediation effectiveness of VAPTs specifically targeting blockchain infrastructure, smart contracts, exchange platforms, and wallet security.
• Incident Response & Forensics for Crypto Incidents: Expertise in incident response lifecycles and forensic investigation techniques specifically tailored for crypto incidents (e.g., fund misappropriation, smart contract exploits, private key compromises, denial-of-service on nodes).
• Network Security for High-Value Crypto Infrastructure: Advanced expertise in evaluating highly resilient and secure network architectures for crypto exchanges, including multi-layer defenses, DDoS mitigation for high-volume transactions, and secure connectivity to blockchain nodes and custodians.
• Cloud Security for Distributed Crypto Systems: In-depth understanding of cloud security principles and ability to audit complex cloud deployments hosting distributed ledger nodes, hot/cold wallet infrastructure, and high-performance trading engines across multiple cloud providers.
• Security Information and Event Management (SIEM) for Blockchain and Crypto Systems: Ability to assess the configuration, correlation rules, and alerting mechanisms of SIEM solutions specifically integrated with blockchain nodes, off-chain transaction systems, and crypto-specific logs to detect sophisticated threats.
• Understanding of Cyber Threat Landscape & Attack Vectors: In-depth knowledge of unique attack vectors targeting crypto exchanges (e.g., flash loan attacks, reentrancy attacks, oracle manipulation, phishing for private keys, supply chain attacks on blockchain software) and the specific techniques used by threat actors in this space.
• Risk Management Principles for Cybersecurity: Advanced grasp of cybersecurity risk identification, assessment, mitigation, and monitoring methodologies specifically tailored to the high-stakes, real-time, and often irreversible nature of crypto transactions.
• Knowledge of Specific Regulatory Requirements: Understanding of specific regulatory requirements impacting crypto exchanges globally (e.g., anti-money laundering (AML), combating the financing of terrorism (CFT) as per FATF, sanctions compliance, specific licensing requirements for Virtual Asset Service Providers (VASPs) and how these translate to technical controls.

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• Wellness and meal allowances
• Comprehensive healthcare schemes for employees and dependants
• More that we love to tell you along the process!

• The salary range for this position is $240,000 - $360,000
• The salary offered depends on a variety of factors, including job-related knowledge, skills, experience, and market location. In addition to the salary, a performance bonus and long-term incentives may be provided as part of the compensation package, as well as a full range of medical, financial, and/or other benefits, dependent on the position offered. Applicants should apply via OKX internal or external careers site.

Description

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

How will you make an impact in this role?

American Express' Internal Audit Group (IAG) has reinvented our audit process and is leading the financial services industry with our Audit NextGen, Data-Driven Continuous Auditing, and Auditor of the Future initiatives. Each uniquely support our Winning Aspiration to be a world class internal audit function that:

• Provides data-driven and technology-enabled assurance

• Delivers timely risk insights that are business-aware and forward-looking

• Supports our colleagues with experiences that prepare them to be enterprise leaders

Collectively, IAG's strategic initiatives, combined with our greatest asset - our people - enable IAG to utilize advanced data analysis capabilities, provide greater and continuous assurance, and help ensure quality products and services are provided to American Express customers.

IAG's innovative Data-Driven Continuous Auditing approach has led to patent-pending technology assets over our uniquely developed audit methodology and technology enablers.

We are looking for those who share our mission and aspirations and are passionate about the use of data and technology in a collaborative, people-focused environment.

About the Internal Audit Group at American Express

Our Internal Audit Group is a worldwide function with 300 team members and offices across nine countries within American Express. Our mission is to protect and enhance organizational value by providing independent, objective, risk-based assurance, advisory services and to influence the way the company manages risk.

We are committed to growing our audit staff significantly as we continue to expand and enhance the Internal Audit Group. Our assurance and risk professionals have diverse backgrounds including internal controls, consumer compliance, technology, operational risk, financial accounting, data analytics, and banking operations. Our audit teams align to key risk areas and business units to ensure IAG can provide comprehensive and risk-based audit coverage. In addition, IAG has a Professional Practices group responsible for managing audit operations, quality, and standards; regulatory relations; reporting; training and professional development; and key internal capabilities and technologies.

About the Role:

Our Internal Audit group is seeking an eager Cybersecurity Audit Director to help advance and grow our audit coverage across our cybersecurity audit portfolio. In this role, the ideal candidate will be the team leader for auditors to provide assurance over areas such as application security, infrastructure security, cybersecurity incident readiness and response, encryption management, and cloud services. This is an exceptional opportunity for you to showcase and further expand your audit skills, and knowledge!

About the Team:

The cybersecurity audit portfolio spans the information technology through the enterprise. Audit coverage includes auditing first-line information security processes. The cybersecurity audit team is heavily focused on utilizing a data driven auditing approach across the audit portfolio.

The Key Responsibilities of the role include:

• Lead a team of approximately five technology audit colleagues provide internal audit assurance over first-line information security processes, and deliver cybersecurity thought leadership to the team

• Plan and lead execution of cybersecurity audits on the company annual audit plan

• Ensure that audits delivery assurance and objectives by setting the audit scope, developing test plans, and leading colleagues to evaluate the design and operating effectiveness of cybersecurity controls, including testing control effectiveness with analytics-based testing

• Analyze regulatory and industry cybersecurity requirements and frameworks over risk management, technology, and information security

• Maintain the team's resources, training program, recruiting pipeline, and execute the screening and selection process

• Monitor a portfolio of cybersecurity audit analytics, assess results, & use data to tell the business story, and work with audit and business colleagues to validate findings

• Evaluate cybersecurity audit results, synthesize audit findings across the project, draft audit reports and ensure effective and efficient execution of audits in conformance with professional and department standards, budgets, and timelines

• Present audit objectives, scope, and results to senior management and technology subject matter experts, clearly articulating the potential impact of control gaps in a highly professional and proficient manner

• Assist other team leaders, senior auditors, and staff auditors in accomplishing team objectives and producing results

• Execute multiple simultaneous global audit projects of all sizes and complexity across multiple business areas including integrated audits that consider financial, operational, compliance and technology risk

• Effectively coach, teach, mentor and develop junior colleagues and co-sourced resources in geographically diverse locations across all aspects of their role, the audit and analytic lifecycle, audit methodology, and technology processes & controls

• Monitor industry cybersecurity trends and emerging risks and propose potential changes to the IAG audit universe to ensure audit coverage evolves with the risk environment

• Occasionally lead a team of approximately five technology audit colleagues provide internal audit assurance over first-line information technology general control processes

• Assume full performance management responsibility for assigned staff

Minimum Qualifications

• 7 years of relevant technology audit experience

• 4 years Experience leading audit teams at a Big 4 public accounting firm OR within the financial services industry at a category I, II or III global systematically important bank (GSIB)

• Experience testing all IT General Control technology control domains

• BA, BS, or equivalent degree in accounting or technology related field

• Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)

• An industry recognized cloud certification, e.g., ICS2 CCSP, or complete within 12 months of hire date.

• Knowledge and experience in the application of control theory and professional auditing practices including the audit lifecycle

• Strong knowledge of information security and infrastructure related terminology and concepts (e.g., zero trust, defense in depth, hybrid cloud, infrastructure as code, virtualization, public key infrastructure (PKI), etc.)

• Prior experience in applying cybersecurity concepts and controls/countermeasures in public cloud environments (Amazon Web Services, Google Cloud, etc.).

• Prior experience in analyzing regulatory and industry cybersecurity frameworks (NIST, FFIEC, CRI, MITRE ATT&CK) and applying guidance to audits of cybersecurity controls

• Demonstrated ability to serve as a cybersecurity mentor or coach to junior team members, including prior experience in creating training materials and delivering cybersecurity training to audit teams and departments

• Ability to break-down a complex problem into components, solve them using data analysis, process knowledge and risk/control knowledge, and communicate results and control recommendations with transparency and integrity

• Strong written and verbal communication skills that deliver quality, actionable and beneficial feedback to management on potential control issues and solutions to close gaps.

• Effectively leads a team in a fast-paced environment to drive business results, utilizing related project management skills, employing creative thinking, and the ability to work on competing priorities

Preferred Qualifications

• Financial services industry strongly preferred

• 10 years of relevant technology audit experience

• BA or BS in Cybersecurity, Information Systems, Computer Science, or related field

• Certified Information Systems Security Professional (CISSP)

• Certified Cloud Security Professional (CCSP)

• Experience leading teams in technology, cybersecurity, or information security risk management

• Experience with using data analytic tools, data visualization, key risk indicators (KRIs), key performance indicators (KPIs), and scorecards / dashboards

• Background in information systems, data analytics or information technology

Non-considerations for sponsorship: Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

Qualifications

Salary Range: $130,000.00 to $205,000.00 annually bonus equity (if applicable) benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we'll consider your location, experience, and other job-related factors.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

• Competitive base salaries

• Bonus incentives

• 6% Company Match on retirement savings plan

• Free financial coaching and financial well-being support

• Comprehensive medical, dental, vision, life insurance, and disability benefits

• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need

• 20 weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy

• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)

• Free and confidential counseling support through our Healthy Minds program

• Career development and training opportunities

For a full list of Team Amex benefits, visit our Colleague Benefits Site .

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. American Express will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable state and local laws, including, but not limited to, the California Fair Chance Act, the Los Angeles County Fair Chance Ordinance for Employers, and the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance. For positions covered by federal and/or state banking regulations, American Express will comply with such regulations as it relates to the consideration of applicants with criminal convictions.

We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.

US Job Seekers - Click to view the " Know Your Rights " poster. If the link does not work, you may access the poster by copying and pasting the following URL in a new browser window:

Job: Internal Audit

Primary Location: US-Arizona-Phoenix

Other Locations: US-Utah-Salt Lake City, US-New York-New York

Schedule Full-time

Req ID: 25008661