Summary: The role of IT M&A Security Assessor involves leading risk assessments and audits of IT controls and systems, including various technological infrastructures. The assessor will evaluate compliance with security frameworks and communicate findings to stakeholders while prioritizing risks and providing recommendations. This position requires independent decision-making on complex issues and effective communication with both technical and business audiences.
Key Responsibilities:
- Lead risk assessments and audits of IT controls and systems.
- Conduct audit review procedures and evaluate technological infrastructure against security frameworks.
- Review business processes, identify and assess controls, and communicate results.
- Identify and prioritize risks, document them, and provide recommendations.
- Make decisions on complex technical approaches for project components.
- Communicate effectively with various audiences, including technical SMEs and business leadership.
Key Skills:
- Experience in IT risk assessment and auditing.
- Knowledge of security frameworks such as HITRUST, NIST, and PCI.
- Strong analytical and problem-solving skills.
- Excellent verbal and written communication skills.
- Ability to work independently and make complex decisions.
Salary (Rate): undetermined
City: undetermined
Country: undetermined
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Client is seeking an IT M&A Security Assessor that: • Can lead a risk assessment and/or audit of IT controls and systems. The scope could include client/endpoints, servers, access management controls, networks, telecommunications systems, and various cloud environments / applications. The assessor’s role is to conduct audit review procedures and evaluate the company''s technological infrastructure against HITRUST, NIST, PCI and other internal security control frameworks, as needed. • Review business processes, identify and assess controls, and communicate results with the team • Can help identify and prioritize risks to the environment, document the risks and recommendations to address the risks and work with the target entity to help them understand the risks. • Makes decisions on moderately-complex to complex issues regarding technical approaches for project components, and work is performed without direction. Exercises considerable latitude in determining objectives and approaches to assignments. • Communicates well verbally and in writing to various types of audiences (e.g., technical SME and business leadership).