IS Audit Specialist

About The Position

Requirements

• Working knowledge of IT and regulatory frameworks and standards. Examples include: NIST CSF, NIST 800-53, IRS 1075, HIPAA, MARS-E, ARC-AMPE, PCI-DSS.
• Five or more years of experience in information systems audit and control, information security, risk management, or privacy background.
• Proficient use of IT service management, ticketing and GRC tools and software.
• Risk assessment, vulnerability identification and remediation.
• Ability to develop System Security Plans.
• Ability to effectively evaluate IT security and privacy controls.
• Proficient oral and written communication skills.
• Strong analytical and problem-solving skills.
• Ability to work independently and as part of a team.
• Attention to detail and strong organizational skills.
• Bachelor's degree in cybersecurity, or related area, from an accredited college/university; or Three or more years of information systems security auditing experience.

Nice To Haves

• One or more industry recognized certification (CISSP, CISA, CISM, Security+, CIPM, CIPP/US, etc.)

Responsibilities

• Audit & Compliance Support : Collaborate with state agencies, technical subject matter experts (SMEs), regulatory bodies, external auditors, and penetration testers to support audits and evidence collection.
• Coordinate internal and external audit responses and manage timelines for corrective action plans (CAPs) and plan-of-action and milestone (POA&M) findings.
• Assist with third-party security assessments and vendor management related security requirements.
• Security & Risk Management : Develop, evaluate, and maintain system security plans (SSPs) and evaluate IT security and privacy controls.
• Conduct gap analyses, track security control exceptions, and document compensating controls.
• Support the process of standardizing and streamlining information security audits and assessments.
• Make recommendations to leadership for reducing internal and partner risks.
• Remediation and Stakeholder Collaboration : Communicate security audit and assessment findings and recommendations and lead remediation efforts through research, documentation, and collaboration with stakeholders.
• Consult with stakeholders to ensure data, processes, and technology are designed for compliance and data protection.
• Develop and maintain standard operating procedures (SOPs) related to compliance reporting, security policies, and regulatory requirements.
• Provide support to OMES and partners to ensure continuous compliance with internal security policies and external regulations.
• Regulatory Compliance and Continuous Improvement : Analyze, interpret, and communicate regulatory changes (e.g., SSA, FTI, CJIS, HIPAA) to the organization.
• Serve as a change advocate to ensure compliance with state, federal, and local government requirements.
• Research the applicability of regulations and identify associated reporting requirements.
• Stay current on best practices in cybersecurity and regulatory compliance to support risk mitigation and asset protection.
• Advise OMES departments regarding data retention and destruction requirements as defined in the Oklahoma Department of Libraries and Archives and/or OMES disposition schedule.
• Helps oversee the approved destruction of agency data as defined in the Oklahoma Department of Libraries and Archives and/or OMES disposition schedules.
• Assist with processing enhanced background checks and CJIS training.

Benefits

• Generous leave including 15 days of vacation, 15 days of sick leave and 11 paid holidays annually.
• A comprehensive Benefit Package with a generous benefit allowance to offset the cost of insurance premiums for employees and their eligible dependents.