General Electric Staff Digital Auditor in Atlanta, Georgia
Job Description Summary
The Staff Digital Auditor performs security assessments and information security audits of Third Parties utilizing established IT risk assessment framework and assessment programs. Conducts IT risk assessments to identify appropriate oversight tier and relevant IT controls. Develops and executes assessment approach based on risk assessments. Prepares assessment reports detailing assessor's review of the information security controls and any control gaps. Engages business to re-mediate issues.
Roles and Responsibilities
In this role, you will:
• Perform 3rd Party information security assessments utilizing established IT risk assessment framework and assessment programs.
• Provide practical recommendations to remediate control gaps
• Prepare present assessment findings to a cross-functional audience.
• Engage business units and Third Parties to remediate control gaps.
• Communicate common information security themes and control gaps identified across the entire Third Party inventory and lifecycle.
• Coordinate across functions such as security, sourcing, legal, and compliance.
• Establish operating rhythm with Business Units to report out on key metrics including status of assessments and issue management.
• Stay current and utilize industry standards and best practices to drive improvements in overall Third Party security posture.
For roles outside USA:
Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) with advanced experience.
For roles in USA:Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) with minimum years of experience6years
Desired Characteristics• Strong oral communication, business writing, presentation and facilitation skills
• Internationally recognized information security/IT Audit certification/qualifications such as CISSP, CISA, GSNA, GSAE, or CCNA
• Experience performing IT Audits or Security Assessments of 3rd Party Suppliers in a regulated environment (i.e. Financial Services, Critical Infrastructure)
• Detailed understanding of industry accepted Information Security and IT governance standards (i.e. COBIT, ISO, NIST)
• Awareness or experience with industry regulations (i.e. HIPAA, DFARS, Export control, PCI)
• Proven ability to execute across multiple locations and stakeholder groups
• Ability to work cross functionally
• Ability to influence others effectively across a matrixed organization
• Excellent analytical / technical skills
• Strong oral communication, business writing, presentation and facilitation skills
• Experience managing projects across a complex organization and IT landscape
To comply with US immigration and other legal requirements, it is necessary to specify the minimum number of years' experience required for any role based within the USA. For roles outside of the USA, to ensure compliance with applicable legislation, the JDs should focus on the substantive level of experience required for the role and a minimum number of years should NOT be used.
This Job Description is intended to provide a high level guide to the role. However, it is not intended to amend or otherwise restrict/expand the duties required from each individual employee as set out in their respective employment contract and/or as otherwise agreed between an employee and their manager.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer (https://www.eeoc.gov/sites/default/files/2022-10/22-088_EEOC_KnowYourRights_10_20.pdf) . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).
Relocation Assistance Provided: No