Information Security Officer - Auditor

Primary Functions

Be responsible for performing periodically, based on risk assessment, an internal audit of the information security function.

Specific Duties
  1. Examine the information security policies and procedures for compliance with state information security and risk management policies, standards and guidelines.
  2. Examine the effectiveness of the information security policies and procedures; identify inadequacies within the existing security and risk management program and possible corrective action to be taken.
  3. Review and evaluate the effectiveness of controls for automated information systems that are either under development or operational, with particular emphasis on major systems.
  4. Inform management, the information security function and the information's owners, custodians, and users of its findings.
  5. Participate in the risk analysis process.