Staff IT and Security Auditor
WorldPay
Manchester, United Kingdom
2 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
JuniorJob location
Manchester, United Kingdom
Tech stack
Microsoft Windows
Amazon Web Services (AWS)
Data analysis
Software System Penetration Testing
Azure
Unix
Control Objectives for Information and Related Technology (COBIT)
Computer Security
Oracle Applications
PCI Data Security Standards
Systems Development Life Cycle
Cloud Services
Secure Coding
SQL Databases
Software Vulnerability Management
Software Security
Information Technology
Job description
Make your mark at one of the biggest names in payments. We're looking for Staff IT & Security Auditor to join our ever evolving Internal Audit team and help shape the future of global commerce.
What you'll own
- You'll support the execution of risk-based IT, cybersecurity, operational, and integrated audits across global business and technology functions.
- You'll assist with all phases of the audit lifecycle, including: risk assessment, planning, client coordination, fieldwork, data analysis, workpaper documentation, reporting and remediation validation.
- You'll evaluate the design and operating effectiveness of technology and security controls.
- You'll ensure audit testing work papers are documented in a consistent and high quality manner while executing project tasks in adherence to established timelines.
- You'll identify control weaknesses, root causes, and practical recommendations to improve risk management and operational effectiveness.
- You'll perform assigned audit testing and remediation validation in accordance with Internal Audit methodologies and professional standards.
- You'll build and develop Internal Audit's brand within the company through meaningful relationship building.
- You'll enable continuous improvement of the Internal Audit department by identifying and communicating enhancement opportunities to department leadership.
- You'll work with colleagues located both locally and in various offices around the world.
- You'll ensure adherence to all applicable department and company policies, and professional standards.
What you'll bring
- At least one year of relevant audit and / or consulting experience in one or more of the following areas:
- Technical and security control deployment within cloud service provider environments (i.e., Amazon AWS, Google GCP, and Microsoft Azure).
- Information and data protection for sensitive company data
- Information security operations, including vulnerability management, penetration testing, centralized log management, customized security monitoring/alerting, threat intelligence practices and security incident response
- Application security, including secure coding practices, segregation of duties and least privileged access concepts
- System development, project management and change management
- Technology infrastructure design, management and operations across various technology platforms (i.e., mainframe, Windows, UNIX/Linux, SQL, Oracle, etc.)
- Business continuity and technology resiliency
- System implementations
- Integration of business process controls with supporting technologies. Business process workflow documentation, including identification of key risks and the corresponding business and technology controls
- Knowledge of auditing core concepts (risk, control), principles and practices.
Requirements
- Bachelor's degree in Auditing, Business Management or Information Technology.
- Merchant Acquiring / Payment Processing, Card Issuance, and Private-label Consumer Solutions industry experience preferred.
- Familiarity with internal control frameworks, including COBIT, FFIEC, PCI DSS, Sarbanes-Oxley, ISO27001, and ITIL.
- Open to up to 10% travel requirement, including some potential international travel.
- Merchant Acquiring / Payment Processing, Card Issuance, and Private-label Consumer Solutions industry experience preferred.
- CIA, CISA, CISM, CISSP or other relevant certifications are preferred.
- Big Four audit or risk advisory experience preferred.
- Ability to work in a complex and evolving environment.
- Ability to tailor project approaches based on areas of key risks, and critically evaluate audit procedures to maximize the value of each audit project.
- Strong communication and presentation skills with an ability to tailor communications to different audiences.
- Ability and willingness to continuously develop relevant skills and knowledge (company processes, industry standards and trends, audit best practices, etc.).
- Pursue work with enthusiasm, energy, drive and team collaboration.
- Establish and build effective relationships.
- Collaborate with management and senior leadership to improve internal controls and processes.
- Demonstrates ability to consider all team member's input prior to decision making.
- Proactively communicate issues with colleagues and obtain agreement on audit findings and practical recommendations with control owners prior to presentation to management.
It's a bonus if you have
- A background in payments, fintech, or a client-facing commercial role.
- Familiarity with the payment processing industry and common technology control frameworks, including COBIT, NIST Cybersecurity, ISO 27000 series, PCI-DSS, and FFIEC IT Handbook.
About the company
Globalpayers think like a client, act like an owner and win as one team. We're curious and innovative - always finding better ways to deliver impact. We empower each other to make decisions, and it's our passion that drives excellence in everything we set out to do.