Senior Infosec Auditor Job in Adobe

What You Will Do

• Security Assessments & Audits: Work under the guidance of the RAAS Group Manager to plan and execute security assessments for Adobe s internal controls, including on-premise and public cloud environments.

• Cybersecurity Review & Risk Analysis: Conduct assessments related to cybersecurity, including security architecture reviews, workflow assessments, configuration reviews, cloud security reviews, and vulnerability assessments/penetration testing (VA/PT). Stay up-to-date on emerging risks like ransomware.

• Information Security Domains: Assess key information security domains such as User Access Management, network, OS, and application security, encryption, backup management, disaster recovery, and employee training/awareness programs.

• Cloud Security: Evaluate security architecture, design, and technologies supporting cloud platforms (AWS, Azure, Google Cloud, etc.), with a focus on ensuring robust controls in these environments.

• SOX Program Support: Contribute to the delivery and scaling of the Sarbanes-Oxley (SOX) compliance program, including hands-on involvement in designing and testing IT General Controls (ITGC) and IT application business controls.

• Project Management: Assist in developing detailed project plans covering scope, schedule, budget, quality, communication, and risk management, ensuring all assessments and audits are conducted efficiently.

• Reporting & Dashboards: Present insightful, data-driven dashboards and reports to senior management, helping them understand the overall security posture of the organization.

• Stay Current on Security Trends: Continuously monitor emerging cybersecurity trends, technologies, and regulatory changes to ensure Adobe remains at the forefront of security best practices.

What You Need to Succeed

• Education: Bachelor s or Master s degree in Information Systems, Computer Science, Information Technology, or a related field.

• Experience: 3-5 years of hands-on experience in Information Security, with a solid understanding of security controls and risk management.

• Certifications: Relevant certifications such as CISA, CISSP, CRISC, or CCSP are required. Additional certifications such as AWS/Azure Architect and security specialty are a plus.

• Technical Expertise:

  • Experience in areas such as application security, system security (Linux/Windows), network security (firewalls, routers, LAN/WAN security), mobile device security, and wireless security.
  • Strong expertise in cloud technologies (IaaS, SaaS) and web technologies.
  • Proven experience with auditing and implementing security controls for cloud environments (AWS, Azure, Google Cloud).

• Vulnerability Management: Familiarity with vulnerability management tools like CVSS, CVE, and penetration testing practices.

• Compliance Knowledge: Deep understanding of information security governance frameworks like COBIT, NIST, and ISO 27001, as well as regulatory requirements such as SOX, GDPR, and PCI-DSS.

• Risk Management: Ability to interpret compliance requirements and apply them to risk management and governance processes.

• Continuous Monitoring: Knowledge of controls automation, continuous monitoring practices, and vulnerability assessment tools.

• Strong Communication Skills: Excellent verbal, written, and presentation skills, with the ability to collaborate effectively with colleagues from diverse technical backgrounds.

• Analytical Mindset: Strong analytical and problem-solving skills, including the ability to simplify complex security issues and research solutions.

• Teamwork & Initiative: Ability to work effectively in a team, be self-motivated, and maintain a positive, proactive attitude. Ability to manage multiple projects simultaneously and meet deadlines.

• Travel: Willingness to travel approximately 10% of the time.