Senior Information Security Risk Auditor - Hybrid in MN and/or DC

About The Position

Requirements

• Bachelor’s degree in Information Security, Risk Management, Business OR an equivalent number of 7 years of experience
• 7+ years of progressive experience in information security auditing, risk management, or compliance, with direct experience assessing control design and effectiveness
• 4+ years of experience leading risk-based audits, producing executive-ready reports, and driving timely remediation in complex, regulated environments
• 4+ years of experience working cross-functionally with control owners, risk teams, and technology stakeholders in a matrixed organization
• Advanced level of experience with GRC tools, control testing methodologies, and cloud security baselines; familiarity with SOX/SOC evidence requirement

Nice To Haves

• Professional certifications such as CRISC, CISA, CISSP, or CIA

Responsibilities

• Plan and execute risk-based assessments of control design and operating effectiveness across critical security domains (e.g., identity, access, network, cloud, data protection)
• Validate controls are designed to mitigate identified risks and align with regulatory and internal requirements
• Review control documentation, evidence, and automation guardrails for completeness and accuracy
• Recommend improvements to control design for scalability, automation, and resilience
• Ensure controls map to applicable frameworks (NIST CSF, ISO 27001) and regulatory obligations (SOX, SOC 2)
• Conduct quarterly control effectiveness reviews and produce dashboards showing adherence rates and aging gaps
• Drive closure of control deficiencies identified during audits or regulatory reviews within defined SLAs
• Validate alignment of controls to risk statements, frameworks, and obligations
• Facilitate control governance councils and working groups to ensure alignment across business units
• Develop executive-ready summaries highlighting control effectiveness, risk implications, and required actions
• Provide training and awareness sessions to reinforce control requirements and accountability
• Serve as the subject matter expert for control design and effectiveness
• Ensure interoperability between control governance processes and enterprise GRC platforms
• Continuously improve control assurance practices through automation, dashboards, and AI-enabled insights
• Act as liaison with regulatory affairs, internal audit, and risk management teams for control-related inquiries

Benefits

• In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements).
• No matter where or when you begin a career with us, you’ll find a far-reaching choice of benefits and incentives.