Based in Salt Lake City & Provo, our team is building the industry-leading legal case management platform. And the good news? We have a lot of fun while we do it.
The successful candidate will demonstrate our Corporate Guiding Values of Integrity, Consumer Advocacy, Teamwork, Development, Quality and Performance in all areas of his/her work. The IT Audit & Risk Assessor will be a highly skilled individual who is an expert in governance, risk, and compliance (GRC) as well as in auditing and managing risks for security technology. This individual will be experienced with HIPAA, SOC 2 Type I & II and other compliance requirements. This individual will have strong technical and auditing skills to ensure Filevine’s information is secure at all times. Our ideal candidate will not only be a team player but will also have a strong technical audit background and the ability to convey technical information in business terms.
Filevine is looking for an IT Audit & Risk Assessor to join our Information Security team to ensure that our platform, applications, and infrastructure are compliant and secured at the highest levels, thus protecting and enhancing customer trust. If you are bright, hardworking, ambitious and enjoy taking ownership of security and compliance, we want to talk to you. This is an exciting opportunity to join a world-class team.
- Strategize and outline goals and objectives of the GRC (IT Audit and Risk management) programs.
- Assist with security efforts to meet HIPAA, SOC 2 Type I & II and other compliance requirements.
- Work directly with Information Security, Legal, HR, Compliance and Development teams to ensure secure IT and IS best practices are fully adopted at Filevine.
- Assess, prioritize, and assist with managing risks on identified vulnerabilities.
- Audit and assess the design and implementation of static application security testing (SAST) and dynamic application security testing (DAST) tools within the SDLC.
- Help train employees on auditing secure coding techniques to mitigate the need for break-fix/out-of-band patching.
- Perform on-going security auditing and testing to improve software security.
- Review audit, compliance and risk assessment issues that arise and manage them to resolution.
- Provide audit frameworks and risk assessment methodologies contemplating new software solutions to help mitigate security vulnerabilities and other business risks.
- Maintain documented Policy and Procedure libraries for compliance purposes.
- Complete third-party vendor risk management and security questionnaires for Filevine.
- Provide annual internal audit and risk assessment functions.
- Facilitate and lead annual penetration testing and auditing efforts.
- Develop a familiarity with new auditing and risk assessment tools and techniques.
Qualifications and education requirements:
- Bachelor's Degree or equivalent in Computer Science, Computer Engineering, Information Technology, or related field.
- 4+ years of experience in IT Audit and direct experience related to risk assessment methodologies.
- Proven work experience as IT Audit & Risk Assessor with a passion for details and security.
- Familiarity with auditing and assessing the OWASP Top 10.
- Experience with managing risks, fraud, and security threats.
- Knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures, Web Databases) and of network/web related protocols.
- Experience assessing, testing, or auditing technical IT and security controls.
- Working knowledge of and demonstrated experience with SOC 2 Type I & II, HIPAA Security Rule, FedRAMP Moderate, CJIS, GDPR, CCPA/CPRA and other compliance frameworks.
- Demonstrated knowledge of assessing development methodologies (Agile, Waterfall).
- Ability to work in a fast-paced environment.
- Must exhibit excellence in partnering, teamwork, and quality performance.
- Able to effectively give, receive, and respond to feedback.
- Excellent oral and written communication skills with the ability to communicate security concepts to a technical and non-technical audience including senior management.
- Demonstrated ability to establish relationships and build rapport to influence colleagues at all levels, uncover issues, and identify needs.
- Significant experience with auditing frameworks, formal audits, and risk assessment.
- Significant experience with automated auditing and compliance tools.
- GRC tool Certification or equivalent experience.
- CISSP Certification or equivalent experience.
- CISM Certification or equivalent experience.
- CISA Certification or equivalent experience.
- CIPP/US Certification or equivalent experience.
- CRISC Certification or equivalent experience.
The job description is not designed to cover or contain a comprehensive listing of required duties or responsibilities. Other duties, responsibilities and activities may change or be assigned at any time with or without notice.
Filevine is an Equal Opportunity Employer. Qualifications for employment, promotion and other terms and conditions of employment are based upon the ability to perform the job. Equal-employment opportunities are provided to all applicants and employees without regard to race, creed, religion, color, age, national origin, sex, disability, veteran status, or other legally protected class. Filevine is committed to providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or accommodation due to disability, or if you have concerns related to Filevine's equal employment opportunities, you may contact us at email@example.com