Information Security Compliance Audit Associate

Scope of Role:

The results of this work are reported to RELX Senior Management and the Audit Committee of the Board of Directors on a regular basis. This position is responsible for performing audits and internal testing of controls around both the ChoicePoint & RELX FTC Orders, and other regulatory acts including, but not limited to, FCRA, DPPA, GLBA, and HIPAA/HITECH.

Responsibilities / Accountabilities:

• Executing test plans based on ISO27002:2013/ 2022 and reporting of internal testing for the FTC information security assessment for both RELX and ChoicePoint FTC Orders under the direction and supervision of the Head of Internal Audit and Assurance (IAA) and Head of FTC Information Security & Compliance.
• The FTC Information Security Compliance Audit Associate shall execute and report information technology, security, privacy, and operational reviews with direct and indirect supervision from the Head of FTC Information Security & Compliance, Head of Internal Audit and Assurance and other team members.
• As part of executing test plans, this position will conduct one-on-one interviews with Information Technology control owners to gain an understanding of the underlying information technology control environment. Execution of test plans will include data analysis of system user listings, log files, changes, network diagrams, system configurations, etc. to determine operating effectiveness of controls.
• Test plans will include detailed documentation including narratives of detailed test procedures, test results and description on internal controls as well as detailed explanations of any potential testing exceptions. These reviews will identify business, privacy, security, compliance, information technology and regulatory risks, in addition to identifying cost savings opportunities and typically include the following type of reviews: application audits; network reviews; information security audits; user access reviews; system development life cycle (SDLC) reviews; fraud detection & incident response reviews; regulatory and other compliance reviews (e.g., FCRA, DPPA, GLBA, HIPAA software licensing); and general information technology controls reviews.
• During the internal assessment testing, this position will work closely with the third party auditor to ensure document requests are returned in a timely manner, and the documentation meets the needs of the third party auditor.
• The role will also be responsible for setting up meetings with control owners, obtaining and providing audit evidence as well as preparing IAA work papers.
• Duties also include working with IAA management on existing and proposed information technology projects to integrate continuous auditing technologies such as audit hooks and integrated test facilities into these applications. Identifying control gaps and process improvements and communicating such to the Head of Internal Audit and Assurance (IAA) and Head of FTC Information Security & Compliance.
• Under the direction of the Head of Internal Audit and Assurance (IAA) and Head of FTC Information Security & Compliance, this position will work with the IADP Security Programs group for implementation of remediation and control improvement plans. Provide support, as needed, to the IADP Privacy Programs group regarding its maintenance of the inventory of applications and systems deemed in scope for the assessments, which will be updated at least annually.

Required Skills:

• B.A. or B.S. Degree in MIS, Computer Science, Finance or Accounting
• 0-1 years IT or Security Experience (i.e. development, Q/A, sys admin, etc)
• Strong written and verbal communication skills
• Familiarity with researching applicable new technologies, system control and audit topics on the Internet (i.e., proficient in use of Internet search engines).
• Working Knowledge of Microsoft Access, Powerpoint, Excel and Word
• Working towards CISA or CIPP certification