4,183 Information Systems Auditor jobs in the United States

At Kia, we're creating award-winning products and redefining what value means in the automotive industry. It takes a special group of individuals to do what we do, and we do it together. Our culture is fast-paced, collaborative, and innovative. Our people thrive on thinking differently and challenging the status quo. We are creating something special here, a culture of learning and opportunity, where you can help Kia achieve big things and most importantly, feel passionate and connected to your work every day.

Kia provides team members with competitive benefits including premium paid medical, dental and vision coverage for you and your dependents, 401(k) plan matching of 100% up to 6% of the salary deferral, and paid time off. Kia also offers company lease and purchase programs, company-wide holiday shutdown, paid volunteer hours, and premium lifestyle amenities at our corporate campus in Irvine, California.

Status

Exempt

General Summary

Kia America (KUS) is seeking an Associate Information Systems Auditor on the Operational Risk Management (ORM) team. This is an individual contributor role reporting to the Information Systems Audit Manager. The ORM team oversees KUS's risk management processes including KSOX compliance (preventive), continuous monitoring (detective), and corrective actions (responsive). The position will play a critical role in ensuring Kia's information technology systems, data, and processes are secure, reliable, and compliant with KSOX regulations. The Associate Information Systems Auditor will also provide systematic support during various projects of Corporate Audit and Dealership Audit teams.

Essential Duties and Responsibilities

1st Priority - 55%

Assist Information Systems Audit Manager in the testing of Kia's compliance with K-SOX requirements and COSO framework.

• Support periodic testing on an annual, quarterly, and monthly basis, including automated and general IT controls.
• Coordinate with external auditor by preparing PBC (Provided By Client) requests and supplying necessary documentation, samples, and proof for concurrent testing.
• Conduct internal testing of systems and controls to ensure compliance and proper functionality.
• With direction from Information Systems Audit Manager, maintain and update audit procedures, flowcharts, and control steps as business practices evolve.

• Collect and compile necessary data based on audit requirements, perform analysis, and prepare findings.
• Coordinate with the Information Systems Audit Manager to ensure the appropriate data and analyses are available for review.
• Present findings to the Audit Manager for discussion with Corporate Audit and Dealership Audit teams.

• Facilitate communication between IT and Internal Audit departments for new department IT projects and system implementations.
• Gather and document business requirements, translate them into technical terms.
• Provide project management support, including scheduling, milestone tracking, and follow-ups, under the direction of the Audit Manager.
• Coordinate across multiple projects simultaneously, maintaining communication with IT team members and escalating issues to the Audit Manager for resolution as needed.

• Perform administrative tasks, recordkeeping, reporting, and other routine audit responsibilities.
• Draft correspondence, memos, proposals, and audit reports as assigned.
• Communicates activities and seeks guidance from Internal Audit management.
• Complete required annual Continuing Professional Education (CPE) training.

• Bachelor's degree in Information Systems, Accounting, Computer Science, or relevant work experience required

• 0-2 years of corporate audit experience required.
• Experience in IT auditing, technology risk assessments, or IT internal control evaluations preferred.
• Experience in SOX compliance testing and operational audits a plus.
• Experience with SAP a plus.

• Excellent soft skills, communication, and professional demeanor while auditing KUS Departments, Business Processes and Vendors.
• Develop good working relationships with KUS Departments.
• Proficient understanding of IT systems, networks, cybersecurity principles, and cloud security.
• Basic understanding of relevant auditing tools/software.
• Ability to analyze complex data, identify patterns, and draw conclusions regarding IT controls and potential risks.
• Ability to communicate effectively both in writing and verbally.
• Understanding how IT systems support business operations and ability to align audit findings with organizational goals.

• Care for People
• Chase Excellence Every Day
• Dare to Push Boundaries
• Empower People to Act
• Move Further Together

This job requires relocation to the United States, Silicon Valley, through the use of a TN visa. If selected for this job, the process of coming to the United States will be handled by Tech-Mex.

The Information Security Engineer maintains 24x7 support, responds to vendor security questionnaires, performs monitoring and maintenance of the security infrastructure and components, participates in project planning and deployment of new technologies and will be responsible for remediation of identified compliance and risk gaps. He/she works independently, operating under the defined guidelines established by the Director of Information Technology and Security.

ESSENTIAL Job Duties & Responsibilities

• Monitor and advise on information security issues related to the systems and workflow to ensure the internal and external security controls for the company are appropriate and operating as intended
• Documenting gaps between vendor requirements and National MIs infrastructure
• Coordinate and execute IT security projects
• Coordinate response to information security incidents
• Conduct company-wide audits and manage remediation plans
• Collaborate with other areas of IT to manage security vulnerabilities
• Conduct research to keep abreast of latest security issues
• Ensures that system documentation is accurate and updated as needed
• Participates in disaster recovery (DR) exercises as directed
• Logfile review and analysis
• Install and maintain new systems
• Prioritize remediation of gaps based on internal and external audits
• Prepares compliance reports by collecting, analyzing, and summarizing data
• Evaluates information to determine compliance with laws, regulations, or standards

• 3-5 plus years related work experience
• Vendor audit and compliance experience, preferably with the SIG framework
• Strong technical skills in anti-virus, DLP, and PKI
• Strong experience with the McAfee suite of products
• Solid understanding of networking concepts and system administration
• Experience with Nessus, RSA envision, RedHat Linux and database security
• Knowledge of data compliance and privacy standards and regulations as they apply to insurance and banking industries
• Knowledge of Information Security Standards (ISO27001, NIST, etc)
• Self-motivated, self-directed and shows attention to detail while working
• Ability to effectively prioritize and execute reporting tasks in a fast-paced, results-driven environment

• Extensive experience working in a team-oriented, collaborative environment with a diverse team of business and IT staff
• Bachelor's degree in Computer Science or Information Systems preferred; Professional certifications are an advantage

• The ability to function independently with minimal supervision.
• Works ethically and with integrity supporting organizational goals and values
• Displays commitment to excellence
• Completes work in a timely manner and meets deadlines
• Good verbal and written communication skills
• Meets productivity standards and achieves key outcomes
• Is dependable and keeps commitments
• Contributes to building a positive team spirit and treats others with respect

***Must sit in Charlotte, NC, but will be remote!***

Position: Information Security Engineer

Duration: FTE

Compensation: 90-100k with 7.5% bonus

Location: REMOTE but must sit in Charlotte, NC

Summary:

The Information Security Engineer will conduct vulnerability assessments, threat hunting activities, and evaluate deviations from security configurations or policies. The team member also develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.

Essential Functions:

Expertise in Information Security Programs

• Conduct Vulnerability Assessments
• Company Security Policy and Procedure Upkeep
• Risk Assessments
• Threat Hunting
• Security Awareness Training
• Operational Security Oversight

Desired Qualifications:

• Degree in Computer Science or related work experience
• 2 years in direct related work experience
• Passion and vision
• Strong communication and presentation skills

Desired Experience:

• Intermediate knowledge of risk management processes
• Intermediate knowledge of information security regulations
• Intermediate knowledge of information technology (IT) supply chain security/risk management policies, requirements, and procedures.
• Experience in Payment Card Industry, Data Security Standards (PCI-DSS), Graham Leach Bliley (GLBA), Healthcare Insurance Portability and Accounting and Accounting Act (HIPAA), Sarbanes-Oxley (SOX)
• Demonstrated real world experience performing grey and black box penetration testing as well as cyber threat emulation services (opposing force)
• Have an understanding of common Web Application vulnerabilities like XSS, CSRF, and others.
• Must be proficient in several of the following tools: PowerShell, Metasploit Framework/Pro, Nexpose, Burp, and the Social Engineering Toolkit
• Must have solid working experience and knowledge of Windows and Unix/Linux operating system, mobile platforms a plus
• Firm understanding of networks, systems and data center architecture
• (Certified Ethical Hacker (CEH)) and (Licensed Penetration Tester (LPT), GIAC Penetration Tester (GPEN), Certified Penetration Tester (CPT)) OSCP or equivalent desired

MUST HAVES

• Azure and/or AWS
• Cloud Incident Response

Role Overview

The Information Security Engineer II – Cloud Incident Responder tackles moderately complex security engineering challenges within their domain. They maintain and enhance existing security controls while actively participating in the design and development of new solutions. They proactively identify and address vulnerabilities or deficiencies within their domain, develop and implement robust controls to mitigate these risks, create detailed documentation, and implement mechanisms to ensure the effectiveness of solutions.

The Engineer II – Cloud Incident Responder will focus on building and operationalizing cloud-specific incident response processes, playbooks, and procedures across Azure, AWS, and GCP environments. This role requires strong technical expertise in cloud security and incident response, and will be instrumental in improving MGB’s ability to detect, respond to, and recover from cloud-based threats.

The Engineer II – Cloud Incident Responder is expected to work independently on moderately complex problems within their domain and provide guidance to junior team members to support their development. They will regularly engage with external stakeholders and partners to support the development of effective solutions.

Responsibilities

• Takes ownership of specific modules or components within projects or tools, from design to implementation.
• Reviews and provides constructive feedback on build/code contributions from team members.
• Participates in architectural discussions and contributes to the design of complex solutions.
• Proactively identifies and optimizes improvement in existing processes.
• Mentors junior team members, sharing knowledge and best practices.
• Cross-Functional collaboration with other teams to ensure successful solution delivery.
• Designs and maintains cloud incident response playbooks tailored to Azure, AWS, and GCP environments.
• Develops and documents cloud-specific IR procedures, including detection, triage, containment, eradication, and recovery workflows.
• Collaborates with cloud engineering, SOC, and threat intelligence teams to ensure alignment of IR capabilities with cloud architecture and threat landscape.
• Participates in tabletop exercises and simulations to validate cloud IR readiness and improve response capabilities.
• Implements automation and orchestration for cloud incident response using native and third-party tools.

Qualifications

• Bachelor’s or Associate’s Degree or requisite experience
• 3+ years of relevant experience
• Experience in cloud security and incident response across Azure, AWS, and GCP
• Certifications such as AWS Certified Security – Specialty, Azure Security Engineer Associate, or Google Professional Cloud Security Engineer are preferred

Skills / Abilities / Competencies

• Strong understanding of cybersecurity concepts within their domain
• High proficiency with the tools and solutions supported by the team
• Solid understanding of system architecture and design
• Strong problem solving skills and analytical thinking to identify solutions to complex problems, and to optimize existing solutions
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
• Excellent communication and teamwork skills to share knowledge, present ideas, and lead discussions
• Proficiency in cloud-native security tools such as AWS GuardDuty, Azure Sentinel, and GCP Security Command Center
• Experience with SIEM, SOAR, and EDR platforms in cloud environments
• Ability to analyze cloud logs and telemetry for threat detection and investigation
• Strong understanding of cloud architecture, IAM, and network security principles

Job DescriptionJob Description

Rea is a growing Top 100 business advisory & accounting firm providing our clients services in tax, accounting, and business consulting. We have a ‘People First’ culture and we focus on our employees’ well-being and professional development. With over 400 professionals and locations throughout Ohio, our firm has a culture that respects a work-life balance for our team. We also provide competitive compensation and a robust benefits plan.

The Information Security Manager is responsible for overseeing and improving the firm’s information security program to protect systems, data, and infrastructure. This role focuses on managing security risk, compliance, incident response, and continuous improvement of security posture. The Information Security Manager collaborates cross-functionally with IT and other business and practice areas to implement effective security controls and foster a culture of security awareness. 

Responsibilities

• Develop, implement, and maintain the firm’s information security program and initiatives roadmap

• Develop, implement, maintain, and monitor security policies, procedures, and standards in alignment with industry best practices and regulatory requirements

• Conduct regular risk assessments, vulnerability scans, and security reviews to identify and mitigate potential threats and vulnerabilities

• Identify, build, and implement data protection processes and technologies

• Work with the firm’s third-party service providers to help manage firm information security risk

• Coordinate the firm’s incident response efforts, including investigation, documentation, communication, and post-incident analysis

• Evaluate and recommend security tools and technologies to enhance protection and visibility

• Manage the third-party risk program, including vendor security assessments and reviews

• Maintain compliance with applicable laws, regulations, and contractual obligations by leading audits, gap analyses, and remediation efforts

• Lead security awareness training initiatives and phishing simulations to educate employees and promote secure behavior

• Collaborate with IT teams to ensure secure configuration and management of systems, networks, and cloud environments

• Track, report, and present security metrics to leadership and stakeholders

• Serve as the internal subject matter expert on cybersecurity, privacy, and data protection

• Other duties as assigned

Knowledge, Skills, and Abilities

• Expert-level understanding of information security risks and controls, including the zero-trust model

• Advanced knowledge of information security audit and assessment methodologies and best practices

• Expert-level knowledge of information security frameworks, risk management, and incident response

• Strong experience with security tools and platforms (e.g., vulnerability scanners, firewalls, endpoint protection) 

• Strong understanding of security principles in cloud (e.g., Azure, AWS), on-prem, and hybrid environments

• Thorough understanding of compliance programs (e.g., SOC 2, HIPAA)

• Ability to stay current with emerging technologies and architectures

• Solid understanding of IT enterprise architecture in a security context

• Highly self-motivated

• Exceptional written, oral, interpersonal, and presentational skills

• Strong analytical and trouble-shooting abilities

• Keen attention to detail

• Ability to effectively prioritize and participate in simultaneous projects of moderate to high complexity

• Knowledge of analysis, requirements gathering, and industry best practices and tools

• Ability to effectively communicate between business and IT stakeholders

• Ability to use discretion and handle confidential information

Requirements

• Post-secondary education in the field of computer science, information systems, networking, information security, or related discipline
• 5+ years of full-time work experience in cybersecurity, information security, or information technology
• : CISSP, CISM, CISA, Security+  certification

Benefits

Rea offers a wide variety of benefits to help support our employees' health, wellness and financial goals.

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Holidays)
• Four (4) weeks PTO
• Twelve (12) paid holidays, of which three (3) are floating holidays
• Family Leave (Maternity, Paternity)
• Short Term & Long Term
• Training & Development
• Wellness Resources

Rea does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies without pre-approval from Rea’s Talent team. Pre-approval is required before any external candidate can be submitted. Rea will not be responsible for fees related to unsolicited resumes and for candidates who are sent directly to our hiring managers.

We are looking for an experienced Information Security Governance Risk Compliance resource. This person would be relatively senior (7+ years of GRC) and able to operate relatively independently against a goal with touchpoints to leadership a few times per week. The initial project would be to.

Monitor their organizations networks for security breaches and investigate a violation when one occurs

Install and use software, such as firewalls and data encryption programs, to protect sensitive information

Prepare reports that document security breaches and the extent of the damage caused by the breaches

Conduct penetration testing, which is when analysts simulate attacks to look for vulnerabilities in their systems before they can be exploited

Research the latest information technology (IT) security trends

Develop security standards and best practices for their organization

Recommend security enhancements to management or senior IT staff

Help computer users when they need to install or learn about new security products and procedures

The Manager, Information Security is responsible for implementing and executing WPCU's Information Security program and strategies under the leadership of the VP, Information Security. This role will collaborate with all lines of business through projects, risk assessments, controls, and control effectiveness reviews. The manager will oversee tools utilized by the Information Security team to provide feedback on vendors and applications. Position will be responsible for collaboration with various business units during a data incident to ensure incidents are properly documented and evidence is captured. This role will be expected to provide thought leadership to ensure the efficiency and effectiveness of the Information Security team.

The major activities for this position include:

1) Information Security Operations (40%)

a) Develop and oversee control effectiveness reviews to ensure all activities align in scope and frequency with information security policies and approved information security frameworks.

b) Develop and oversee information security's involvement with vendor due diligence processes.

c) Develop and oversee Identity Access Governance processes to ensure alignment with the principle of least privilege access.

d) Develop and oversee information security related risk assessments. Develop and oversee processes to rate criticality of applications and controls to ensure risk assessments are aligned.

e) Ensure all assessments are completed in a timely manner including developing appropriate cross training plans to schedule impacts.

f) Develop and oversee reporting related to all assessments to ensure risk levels are appropriately assigned and management responses are captured.

g) Ensure identified gaps from information security assessments are appropriately tracked. Coordinate with various business units to collect timely updates.

2) Personnel Management & Procedures (20%)

a) Mentor assigned partners by administering individual development plans, making recommendations for promotions, or implementing coaching plans. This includes performing regular 1-on-1s with partners and completing annual reviews.

b) Ensure departmental procedures are effective, up-to-date, and follow company standards.

3) Project Management (20%)

a) Participate in project planning events to provide estimated work effort for projects including pro-active escalation of resources constraints to the VP of Information Security.

b) Assist in fostering an enterprise-wide security first culture by participating in project requirement gathering session. Inform project owners of applicable controls, audit findings, or control effectiveness gaps that are appropriate for the project.

c) Attend on-going project meetings to advise and ensure information security controls are addressed.

4) Incident Management (10%)

a) Role will be responsible for ensuring data incidents are tracked, properly documented, and evidence has been collected.

b) Provide regular status updates to the VP of Information Security on open data incidents.

5) Audit and Regulatory Exam Support (10%)

a) Assist the Vice President of Information Security with internal and external audits to ensure document collections are completed in a timely manner and properly vetted.

b) Serve as subject matter expert during internal and external audits related to activities completed by Information Security.

c) Ensure assigned business units are operating efficiently and reliably, are in compliance with applicable laws, regulations, and rules, have appropriate operating controls to mitigate risk, and are performing at a high level.

Required Skills

This leader in information security must be skilled at developing and leading strategic Information Security programs across the enterprise in a complex, multi-system and multi-vendor environment. Strong, practical knowledge of Information Security concepts and technical architecture are essential. Expert knowledge of risk and information security frameworks are essential.

1) A bachelor's degree is required, preferably in Information Technology, Information Security, or a related field. A master's degree in a related discipline is preferred.

2) At least 7+ years of experience in Information Technology or Information Security is required, with at least 3+ years of experience in a leadership role. Demonstrated experience with developing mapping controls to business processes, building control effectiveness reviews, or building risk ratings to allow business units to identify priorities is preferred.

3) A Certified Information System Security Professional (CISSP), Certified Information Security manager (CISM), or similar certification is required.

4) Demonstrate experience in evaluating vendor due diligence and vendor risk assessment processes.

5) Demonstrate experience in Identity Access Management including how to perform user access and rights reviews to align with least privilege access.

6) Demonstrate experience with developing and implementing a risk assessment process that is collaborative with business units and documents risk in accordance with board approved risk appetite.

7) Demonstrate strong leadership skills including the ability to work collaboratively and manage a remote workforce.

8) Demonstrate ability to drive and manage initiatives that increase operational efficiency, enhances quality, and improves/maintains service levels.

ATI builds and manages collaborations that conducts research and development of new technologies to solve our nation's most pressing challenges. Our collaborations are custom-built teams of organizations from industry and academia that develop novel technologies for the federal government. Traditionally, these processes are complicated and burdensome. That's where ATI comes in. We simplify and streamline processes to make it all work. When you work at ATI, you become a part of something larger than yourself. Our collective work no matter what department or division you work in ultimately enables the warfighter, saves lives, and diversifies the industrial base. At our core, ATI is a service organization. We are in service to others; it's what we do, and it's who we are. Apply at ; we only accept applications submitted through our applicant tracking system. This position offers a hybrid schedule (in-office & remote/work from home) or an onsite schedule. Candidates will need to reside near Charleston, SC to ensure work site flexibility.

The Information Security Manager will assist with the overall direction of enterprise-wide security functions associated with Information Technology and protect information assets from intentional or inadvertent access, modification, destruction and/or disclosure. The ideal candidate will possess a deep understanding of cybersecurity principles and practices, and will be responsible for designing, implementing, and maintaining robust security solutions to protect our company's critical assets. You will lead initiatives to strengthen our security posture, respond to incidents, and collaborate with cross-functional teams to ensure the integrity, confidentiality, and availability of our systems and data.

• Security Design & Implementation
• Incident Response
• Vulnerability Management
• Threat Analysis
• Policy & Compliance
• Collaboration
• Security Tools & Technologies
• Training & Awareness
• Documentation

• Other duties as assigned

Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Advanced degree or relevant certifications (e.g., CISSP, CISM, CEH) preferred.

Experience: Minimum of 6-10 years of experience in cybersecurity with a proven track record in a senior or lead role.

Technical Skills: Strong knowledge of network and system security, including firewalls, intrusion detection/prevention systems, VPNs, and encryption technologies. Proficiency with security tools such as SIEM, IDS/IPS, and vulnerability scanners.

Analytical Skills: Excellent problem-solving, analytical and troubleshooting skills, with the ability to assess complex security issues and develop effective solutions.

Communication Skills: Strong verbal and written communication skills, with the ability to articulate security concepts and issues to both technical and non-technical stakeholders.

Certifications: CISSP or equivalent Cyber Security certification.

Personal Traits: Detail-oriented, proactive, and able to work independently as well as part of a team. Strong organizational skills and the ability to manage multiple priorities effectively.

U.S. Citizenship required, must be able to possess and maintain a DOD security clearance.

This position is subject to a background check that includes a review of criminal records. In reviewing an applicant's criminal history, the company will consider prior criminal convictions that have a relationship to the job duties and responsibilities of the position. The company considers the nature of the crime, the time that has elapsed since the crime and the job duties for the position at issue in making an individualized determination. Individuals may be excluded when the company determines, based on the above factors, that hiring, transferring or promoting the applicant would pose an unreasonable risk to the business, its employees or its customers and vendors. If you are a qualified candidate, we encourage you to apply even if you have a prior criminal conviction(s). Convictions will not automatically disqualify the candidate, However, conviction(s) will be considered and balanced against the age of the candidate at the time of the offense, time elapsed since the offense, type of offense, potential impacts of such on the work environment, sensitivity of the position(s) available/sought, and similar independent factors relevant to the employment requirements at ATI.

Regular physical activity to include walking, bending, stooping, reaching, standing and prolonged sitting. Ability to use phone and computer systems, copier, fax, and other office equipment. Must be able to occasionally move/lift up to 25 pounds with or without reasonable accommodation.

This position is located in an air-conditioned, environmentally controlled atmosphere. Noise level in the work environment is usually moderate.

ATI has been named "Best Places to Work in SC" from . This is a full-time opportunity with benefits ATI provides Medical, Dental and Vision Plan options Flexible Spending Accounts, including health and dependent care accounts 403B Retirement Savings plan with a very competitive company contribution Personal time-off (pre-loaded & accrued) plus 12 paid holiday-days Life Insurance paid by ATI Paid Parental Leave Short-Term & Long-Term Disability Coverage paid by ATI Employee Assistance Program Tuition Reimbursement Program Flexible work schedules ATI's standard business hours are Monday-Friday, between 8 AM - 5 PM.