Information Security Auditor

About Supermicro:

Supermicro® is a Top Tier provider of advanced server, storage, and networking solutions for Data Center, Cloud Computing, Enterprise IT, Hadoop/ Big Data, Hyperscale, HPC and IoT/Embedded customers worldwide. We are the #5 fastest growing company among the Silicon Valley Top 50 technology firms. Our unprecedented global expansion has provided us with the opportunity to offer a large number of new positions to the technology community. We seek talented, passionate, and committed engineers, technologists, and business leaders to join us.

Essential Duties and Responsibilities:

1. Analyze systems, security controls, and event logs to detect the nefarious activity of the company. Provide regular reports to the team on security incidents, risks, and the overall effectiveness of security measures.
2. Review/Audit the company’s security controls (include supply chain) to ensure they work correctly; Plan, document, and conduct complex audit assignments and projects.
3. Audit access throughout the company's security (include supply chain) and ensure access is at appropriate levels within the company.
4. Collaborate with peer teams to ensure landing the security practice.
5. Work with multiple stakeholders (internal and external) to assess and identify security compliance gaps and propose technical and operational remediation solutions.
6. Develop skills for ISO committee members across teams. Conduct audit fieldwork in accordance with department and company standards.

Qualifications:

• BA/BS degree in MIS, Information Technology/Engineering, or a related field; or the equivalent in education and work experience.
• Certifications are preferred, including (e.g., ISO27001 LA, CISA, CISSP, CPA).
• Minimum 2-3+ years’ experience working as an IT auditor or IT risk adviser for a public accounting firm or within industry.
• 2-3+ years of Information Technology and/or IT audit experience.
• Strong organizational, communication, and interpersonal skills to work with peer teams are required.
• Experience auditing and evaluating infrastructure, cybersecurity risks/controls, and auditing operating systems.
• Knowledge and experience in performing audits of technology projects and programs (SDLC reviews).
• Working knowledge of internal control analyses and risk assessment methodologies.
• Ability to communicate effectively to technical and non-technical audiences, in both written and verbal formats.
• Must be effective at communicating issues through written reports, verbal discussions, and presentations.
• Preparing written reports of completed audits and presenting results to the Manager.
• Ability to work a flexible schedule during key business timelines.