IT Audit and Compliance Engineer

Job Overview:

The Audit and Compliance Project Engineer is responsible for leading compliance verification activities and ensuring that subsystems, applications, and projects successfully onboard to compliance platforms. This position is critical for conducting regular audits, ensuring that applications and systems comply with internal security policies and external regulatory requirements, and identifying areas for improvement. The role will also involve preparing the organization for audits, managing compliance-related documentation, and using tools like Power BI for reporting and monitoring progress. A key part of the role includes overseeing privileged access management systems (PIM and PAM), ensuring they align with security and audit requirements as part of the overall compliance strategy.

Key Responsibilities:

• Compliance Auditing and Verification: Conduct thorough audits and assessments to ensure systems, applications, and subsystems meet necessary security policies, standards, and regulatory requirements.
• Audit Preparation and Support: Provide guidance and support to application and engineering teams to ensure they are prepared for audits, focusing on documentation, processes, and access control policies.
• Compliance Advisory: Advise teams on best practices for maintaining compliance, helping them understand compliance requirements, and preparing them for both internal and external audits.
• Process and Protocol Development: Develop and maintain compliance protocols, ensuring that systems and applications are onboarded to compliance platforms with the proper checks in place.
• Collaboration with Engineering Teams: Work closely with engineering and IT teams to address compliance issues, improve existing processes, and implement security controls.
• Privileged Access Management (PAM) and PIM Oversight: Collaborate with security teams to ensure that privileged identity management (PIM) and privileged access management (PAM) systems are compliant with security policies and audit requirements.
• Reporting and Dashboards: Design, maintain, and improve management dashboards using Power BI to track compliance progress, identify areas for improvement, and report on audit findings.
• Risk Mitigation: Proactively identify compliance and security risks, working with teams to resolve issues and improve the overall security posture of the organization.
• Governance and Documentation: Ensure all documentation related to compliance, audits, processes, and controls is accurate, up to date, and easily accessible for audits and reporting.
• Continuous Improvement: Analyze audit feedback, regulatory changes, and industry trends to improve compliance processes, ensuring that systems remain in compliance and are prepared for future audits.
• Compliance Readiness: Ensure the organization is always audit-ready by ensuring that systems, applications, and documentation are compliant with internal and external regulatory standards.

Key Requirements:

• Education: Degree in Information Technology, Computer Engineering, or a related discipline.
• Experience: At least 5 years of experience in IT operations, support, or governance, with a strong focus on compliance auditing, security controls, and governance.
• Audit Knowledge: Demonstrated experience in conducting audits and preparing for audits, particularly for IT systems and applications. Familiarity with relevant compliance frameworks and standards (e.g., ISO 27001, NIST, GDPR).
• Technical Expertise: Solid understanding of identity and access management (IAM), as well as systems such as Windows Active Directory, RHEL Linux, Cloud AD, and IAM solutions like AWS IAM.
• Reporting and Data Analysis: Proficiency in tools like Power BI and Tableau to create compliance dashboards and analyze compliance data.
• Problem-Solving and Analytical Skills: Strong ability to identify and address compliance gaps, resolve security risks, and recommend solutions to improve processes.
• Communication Skills: Excellent verbal and written communication skills, able to effectively engage with cross-functional teams, present audit findings, and provide clear guidance on compliance requirements.
• Governance and Security Controls: Knowledge of governance frameworks and security control best practices, particularly around compliance management, security policies, and audit controls.
• Attention to Detail: High attention to detail to ensure that compliance activities are accurately documented and aligned with organizational policies and standards.

Preferred Qualifications:

• Experience working with PIM/PAM systems and ensuring compliance for privileged access management.
• Familiarity with government IT security policies, frameworks, and regulatory compliance standards.
• Hands-on experience in large-scale enterprise security projects, especially with compliance for cloud-based systems.
• Knowledge of audit methodologies and risk management practices.
• Familiarity with compliance tools, such as GRC platforms or audit management software.