Cyber Security Assurance Analyst - Atlanta, GA, US - Genuent
Cyber Security Assurance Analyst / IT Auditor and Security Control Tester
Contact Lisa Leff - 404-990-3202 email@example.com
First Level Quality Assurance of the testing documentation, evidence, and other supporting material to:
- Confirm the test conclusion (effective, ineffective) is properly supported and has sufficient evidence.
- Confirm the self-test was completed in accordance with Aflac's Cybersecurity Control Testing procedure and Self-Testing template.
- Confirm that the population was complete for each control and that the sample selected met all procedural requirements.
- Provide QA results to the Aflac regional CAP and other stakeholders as needed (e.g. Control Owners or delegates) to obtain agreement with the results. Present and discuss any portions of the test that were not executed correctly or completely, or any part of the test documentation that is inaccurate or incomplete. Resubmissions of testing documentation, evidence, and other supporting material by the Control Owner will need to go through the QA process again until the issues identified through QA have been corrected.
- May assist with facilitation and tracking of the self-testing process.
- This position will primarily be working with the CAP team, Control Owners, and their designated Testers. The Testers will conduct the actual self-test of the control, will document the steps they followed to test it, will attach supporting evidence, and will indicate the test result. This is a test of both control design and operating effectiveness.
- Scope is Information Security/Cybersecurity controls, Physical Security controls, and Business Continuity/Disaster Recovery and Crisis Management controls. It also includes some IT-related controls such as change management, capacity planning, and system backups.
- Examples of controls that will be tested include physical security controls, system access controls, vulnerability scanning, system patching, disaster recovery response, security incident response, security policy and standards, exceptions to policy, security assessments of applications, third parties, and infrastructure, Business Impact Analysis to declare RTO, anti-malware, DDoS controls, etc.
Required: IT Internal Audit experience with security control testing, or SOX and SOC testing related specifically to ITGC (Information Technology General Controls) testing, as well as broader testing that includes cybersecurity controls and Business Continuity/Disaster Recovery.
A CISA and/or CISSP is desired.