Information Technology Auditor
  • Ukraine Kyiv
  • Divoro
1 year before
31.01.2024
Securely Provision
Risk Management
Job Description

Divoro is a growing MSSP (Managed Security Service Provider) in the Cyber Security space.

We are a team of 30 security professionals who are passionate about protecting our customers and growing together as a team and as a company.


We are seeking a highly motivated and detail-oriented individual to join Divoro as a Junior IT Auditor. As a Junior IT Auditor, you will play a vital role in assessing the effectiveness and efficiency of information technology systems and controls of our clients. You will work closely with the Security Auditor and stakeholders to evaluate IT infrastructure, identify potential risks and vulnerabilities, and recommend improvements to mitigate those risks.


Your responsibilities will be:

➢ Assist in conducting audits of information systems, including assessing the effectiveness of controls, compliance with policies and regulations, and identifying areas of risk.

➢ Participate in the planning, scoping, and execution of IT audit projects, including the development of audit programs and testing procedures.

➢ Perform testing and evaluation of IT controls, systems, and processes to ensure their adequacy and effectiveness in mitigating risks.

➢ Identify system control gaps and make recommendations and remediation plans to address them.

➢ Assist in documenting IT audit findings, preparing clear and concise audit reports, and communicating findings to management and relevant stakeholders.

➢ Collaborate with cross-functional teams, including IT, finance, and compliance, to ensure alignment of audit activities with business objectives and regulatory requirements.

➢ Assist in monitoring the implementation of audit recommendations and verifying corrective actions are taken by relevant teams.

➢ Contribute to the development and enhancement of audit methodologies, tools, and frameworks to optimize the efficiency and effectiveness of IT audit processes.


Requirements:

➢ Bachelor's degree in Information Technology, Information Security, Computer Science, or a related field.

➢ Excellent verbal and written English skills.

➢ 1+ IT Audit, System Administration, or Cybersecurity background, knowledge, and/or experience.

➢ Understanding of information technology security principles, IT infrastructure, and software development life cycle.

➢ Good communication and interpersonal skills.

➢ Quick learning of new tools and concepts at a high level.

➢ Strong attention to detail and the ability to work independently while adhering to deadlines.


Nice to have:

➢ Knowledge of Google Cloud System and Microsoft 365 administration.

➢ Basic knowledge of PowerShell.

➢ Knowledge of Jira, Confluence, and SharePoint tools.


What we offer:

➢ Great experience in a global cyber security company.

➢ Opportunity to grow with the company in any area you choose.

➢ Direct contract with the American company.

➢ Open-minded, professional team that will be developing & supporting you.

➢ Paid vacation and sick leaves.

➢ Paid professional training.

➢ Medical insurance after the integration period.

➢ Flexible, remote work environment😊



Required Knowledge
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0013   Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
  • K0009   Knowledge of application vulnerabilities.

Required Skills
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • S0001   Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • S0078   Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • S0112   Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events.
  • S0115   Skill in preparing Test & Evaluation reports.
  • S0135   Skill in secure test plan design (e.g., unit, integration, system, acceptance).
  • S0137   Skill in conducting application vulnerability assessments.
  • S0171   Skill in performing impact/risk assessments.
  • S0242   Skill in interpreting vulnerability scanner results to identify vulnerabilities.

Required Abilities
  • A0033  Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • A0015  Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • A0030  Ability to collect, verify, and validate test data.
  • A0040  Ability to translate data and test results into evaluative conclusions.
  • A0092  Ability to identify/describe target vulnerability.
  • A0106  Ability to think critically.
  • A0108  Ability to understand objectives and effects.
  • A0112  Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.