Cybersecurity Auditor, Audit

info_outlineXNote: By applying to this position you will have an opportunity to share your preferred working location from the following: Chicago, IL, USA; Atlanta, GA, USA.

Minimum qualifications:

Bachelor's degree or equivalent practical experience.

4 years of experience in Internal Audit, Risk, or Compliance roles with a focus on Cybersecurity.

Experience designing, implementing, or testing internal controls and reviewing business processes in conjunction with underlying systems.

Experience developing audit programs, reporting on audit findings, or making recommendations for risk mitigation.

Preferred qualifications:

CISSP, CCSP, PMP, CRISC, CISA, or related certifications.

Experience with relational databases (e.g., SQL).

Experience with structures/principles of object-oriented programming, using Python, Java, C++ or comparable language to evaluate for risk and design.

Experience testing controls to determine compliance with NIST, FedRAMP, ISO 27000 series, PCI-DSS, SOC 2, CCM or other frameworks.

Experience performing risk assessments, designing, or implementing internal controls, and auditing platforms, hardware, and devices, content moderation, online advertising, cloud technologies, content licensing, e-commerce, privacy, security, AI, or regulatory compliance.

Ability to navigate ambiguity, and manage/coordinate multiple projects simultaneously in a fast-paced, deadline-driven environment.

About the job

The Internal Audit team's mission is to focus on reducing risk across Alphabet by monitoring the risk environment and providing insights to enable risk management. The team works with leadership/teams to achieve a control environment that enhances and protects organizational value. As a member of the team, you’ll advise the business and engineering groups to identify areas of risk and make valuable recommendations on controls. You’ll have the opportunity to influence change and decisions for business initiatives including product launches and system implementations.The US base salary range for this full-time position is $122,000-$174,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google.

Responsibilities

Work and build relationships with Security and Safety teams to understand the information security risk profile of a function, service, or product area for audit planning and execution.

Design and execute audit programs and procedures to test and provide analysis on the design and operating effectiveness of key security controls that mitigate risks.

Analyze audit results, draw conclusions, and provide practical, risk-based, data-driven recommendations for improvement.

Prepare detailed audit reports summarizing scope, procedures, findings, and recommendations.

Manage relationships with stakeholders and leverage to gain meaningful risk insights to influence the Audit Risk Universe and engagement and service offering prioritization.