Information Security Auditor

Andesa Services, Inc.

Pennsylvania

Remote

USD 60,000 - 100,000

Full time

30+ days ago

Job summary

Join a forward-thinking company as a key player in ensuring IT compliance and security. In this full-time role, you will be responsible for designing, testing, and maintaining IT General Controls in support of SOC audits. Your expertise will help drive the effectiveness of our internal controls while ensuring compliance with client agreements. This innovative firm offers a fully remote position, allowing you to work flexibly while contributing to the success of a 100% employee-owned organization. If you have a passion for IT auditing and a desire to make a difference, this is the perfect opportunity for you.

Qualifications

  • 2+ years of experience in auditing and IT controls.
  • Bachelor's degree in a relevant field or equivalent experience.

Responsibilities

  • Coordinate SOC audits and ensure compliance with client service agreements.
  • Educate control owners and assess IT controls for effectiveness.
  • Respond to client inquiries and manage IT compliance incidents.

Skills

IT General Controls
Application Level Controls
Security Reviews
Business Continuity
Auditing

Education

Bachelor's degree in Auditing
Bachelor's degree in Information Systems
Professional certification (e.g., CISA)

Job description

Andesa Services, Inc. is a service and technology company. We are proud to serve the Life Insurance and Annuity industry through custom Software as a Service (SaaS) technology solutions and dedicated business support to end-users such as clients, brokers or policy holders. More information on these services can be found on our website at www.AndesaServices.com.

Andesa was established in 1983 and is located in Allentown, PA. We are a 100% employee-owned company via an Employee Stock Ownership Plan (ESOP), which means when you join our team, you will not only become an employee-owner, you will be contributing to and taking part in the success and longevity of the company!

Position Summary:

Responsible for designing, testing, reporting on, and maintaining IT General Controls and Application level controls for Andesa Services in support of SOC-1/SOC-2/SOC-3 audits and client service level agreements.

Primary Job Responsibilities:

  1. Coordinate SOC-1, SOC-2, and SOC-3 reviews with external auditors.
  2. Design and execute tests of key IT controls assigned to the Risk Management Office.
  3. Assign control activities to "owners" and ensure that they carry out these activities.
  4. Educate control owners as appropriate to ensure understanding of controls assigned.
  5. Provide a sound basis for the "Management Assertion" in the SOC reports.
  6. Respond to client inquiries on the SOC-2 reports (e.g., testing exceptions, control remediation).
  7. Assist external auditors in walkthrough visits of Andesa facilities and in collecting their requested test samples.
  8. Update SOC report narrative sections each year to ensure they accurately reflect Andesa's product service offerings.
  9. Provide a written bridge letter and associated diligence for clients.
  10. Watermark and distribute the SOC reports to all clients and appropriate third parties.
  11. Drive the quarterly Internal Control Questionnaire (ICQ) process designed to assess the design and operating effectiveness of existing SOC controls.
  12. Provide quarterly report to Senior Staff on the state of IT controls including control deficiencies in need of remediation.
  13. Perform annual security training.
  14. Ensure IT compliance incidents are promptly addressed, documented and resolved; consider implications, make recommendations and take appropriate follow-up.
  15. Identify IT controls, assess their design and operational effectiveness, determine risk exposures and develop remediation plans.

Knowledge, Skills, and Abilities:

  1. Perform security reviews of Andesa’s systems and identify gaps in security architecture.
  2. Business Continuity.
  3. Review or conduct audits of information technology (IT) programs and projects.

Education, Training, and Experience:

  1. Bachelor's degree in Auditing, Information Systems or equivalent experience.
  2. At least two (2) years relevant work experience (Auditing, IT Controls, etc.).
  3. Appropriate professional certification preferred – e.g., CISA.

Work Schedule:

This is a full-time (40 hours/week) exempt position. Hours are flexible within core business hours. This position is fully remote, reporting out of our office in Allentown, PA.
