Senior IT Auditor (Security Compliance)
CBS BUSINESS UNIT: CBS Corporate
JOB TYPE: Full-Time Staff
JOB SCHEDULE: Full-Time
JOB LOCATION: New York, NY
CBS Corporation (NYSE: CBS.A and CBS) is a mass media company that creates and distributes industry-leading content across a variety of platforms to audiences around the world. The Company has businesses with origins that date back to the dawn of the broadcasting age as well as new ventures that operate on the leading edge of media. CBS owns the most-watched television network in the U.S. and one of the world's largest libraries of entertainment content, making its brand - "the Eye" - one of the most recognized in business. The Company's operations span virtually every field of media and entertainment, including cable, publishing, local TV, film, outdoor advertising, and interactive and socially responsible media. CBS's businesses include CBS Television Network, The CW (a joint venture between CBS Corporation and Warner Bros. Entertainment), Showtime Networks, CBS Sports Network, TVGN (a joint venture between CBS Corporation and Lionsgate), Smithsonian Networks, Simon & Schuster, CBS Television Stations, CBS Television Studios, CBS Global Distribution Group (CBS Studios International and CBS Television Distribution), CBS Interactive, CBS Consumer Products, CBS Home Entertainment, CBS Films and CBS EcoMedia.
Participate in the development & implementation of a security-focused audit and control program that aligns with ISO 27001, NIST, PCI Data Security Standard and CBS security standards to test and monitor the IT production environments for potential system integrity exposure and control weaknesses. Conduct internal information technology system audits, identify & assess risks and work with internal control owners to appropriately define and implement risk mitigation plans.
Conduct security-focused PCI DSS and IT control assessments, identify potential weaknesses and create value-added, relevant solutions that address internal control needs.
Develop and maintain security-related network and business process flow documentation supporting PCI compliance requirements. Advise process and technology owners on documentation requirements and support of testing where appropriate.
Create and execute security-related IT control tests across applications, databases, operating systems, and network devices.
Complete PCI Self Assessment Questionnaires and other related regulatory documentation required for annual attestation. Gather and retain support required to validate the claims made in the assessment.
Partner with all levels of IT management to ensure that security testing is conducted in a cooperative, timely and efficient manner, with value-added reporting and cost-effective recommendations provided to management to strengthen controls.
Monitor security remediation plan execution through 'deficiency closed' phase
Five (5) or more years of technology and audit experience (general technology controls, application, and pre-implementation system development reviews) within a public accounting and/or internal audit function
Two or more years of experience with internal controls evaluation and testing, COSO, COBIT, ITIL, ITGCC, and ISO, SOX 404 requirements including all phases of planning, evaluation, documentation, testing and remediation.
Demonstrated proficiency in technology auditing control disciplines, including thorough and general knowledge in security and one or more relevant areas of technical specialization (application development, change management, or operations)
Ability to think analytically, communicate complex issues, and develop control recommendations
Effective written and verbal communication skills with the ability to present control analysis and recommendations with clarity and professionalism
A BA or BS Degree or equivalent in Information Systems, Computer Science, or related field
Professional Certification is preferred (CISA, CISSP, PCIP or equivalent)
Equal Opportunity Employer Minorities/Women/Veterans/Disabled