About Ping Identity:

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. We call this digital freedom. And it's not just something we provide our customers. It's something that inspires our company. People don't come here to join a culture that's built on digital freedom. They come to cultivate it.

Our intelligent, cloud identity platform lets people shop, work, bank, and interact wherever and however they want. Without friction. Without fear.

While protecting digital identities is at the core of our technology, protecting individual identities is at the core of our culture. We champion every identity. One of our core values, Respect Diversity, reminds us to celebrate differences so you are empowered to bring your authentic self to work.

We're headquartered in Denver, Colorado and we have offices and employees around the globe. We serve the largest, most demanding enterprises worldwide, including more than half of the Fortune 100. At Ping Identity, we're changing the way people and businesses think about cybersecurity, digital experiences, and identity and access management.

As an Information Security Auditor, you will manage the internal audit program, including conducting audits, validating controls, working with control owners to understand the controls, tracking remediation, and taking a continuous improvement approach to automating evidence collection and controls testing. You will be focused on improving audit efficiency, including opportunities to automate evidence collection and/or validation. You will create audit reports and work with the data analytics team to track KPIs. In this role, you will also support external audits, including customer audits.

You will:

Manage the internal audit program that encompasses ISO 270001, ISO 27017, ISO 27018, SOC 2, HIPAA, and ITGC.
Manage the comprehensive control plan with regular updates and reviews.
Support external audits, including for ISO 27001, SOC 2, and customer audits.
Manage the compliance and audit platform, working with system owners to implement automated evidence collection and validation to ease the internal audit lifecycle.
Collaborate with the Information Security team for continuous improvements for controls and the security program.
Educate control owners, so they understand what they are being audited against and why.
Maintain relationships with control and evidence owners to identify evidence pain points and improvement opportunities to make evidence collection more effective.
Identify and implement improvements for the Information Security team to self-service evidence and testing to alleviate impact on system and control owners.
Drive automation of evidence collection and validation.
Define internal testing and sampling based on industry standard methods of testing, population requirements, and sample selection guidelines.
Evaluate compliance with regulatory and compliance requirements.
Provide subject matter technical expertise on areas of technical controls testing.
Develop audit runbooks to ease cross-training and audit preparation.

You have:

3+ years of experience with external and/or internal audits against industry standard frameworks, such s ISO 27001 and SOC 2
Understanding of effective security controls at the systems, network, and application level and how to apply with cloud-based services.
Experience auditing AWS, GCP, or Azure.
Experience auditing both cloud services and on prem software solutions.
Understanding of common security domains and methods of auditing them, including security operations, network security, systems administration, sSDLC, encryption, resilience, response and recovery, asset management, identity and access management, and vulnerability management.
Experience streamlining evidence requirements to reduce audit impact.
Knowledge of industry standard control frameworks and guidelines.
Experience applying risk management principles to security organizations.

You have an advantage if you have:

Experience with audit and compliance platforms
Experience managing audits and auditors

Education Requirements:

Bachelor's Degree in business or computer related field or equivalent experience
Applicable certifications: CISA, ISO 27001 Lead Auditor, CISM

Life at Ping:

We believe in and facilitate a flexible, collaborative work environment. We’re growing quickly, but remain true to the innovative, can-do startup values that got us here. Most importantly, we keep hiring talented, smart, fun, and genuinely nice people because that’s who we want to succeed with every day.

Here are just a few of the things that make Ping special:

A company culture that empowers you to do your best work.
Employee Resource Groups that create a sense of belonging for everyone.
Regular company and team bonding events.
Competitive benefits and perks.
Global volunteering and community initiatives

Our Benefits:

Generous PTO & Holiday Schedule
Parental Leave
Progressive Healthcare Options
Retirement Programs
Opportunity for Education Reimbursement
Commuter Offset (Specific locations)

Ping is the collective sum of all our individual experiences, backgrounds and influences and we pride ourselves in growing and learning together. We are committed to building an inclusive and diverse environment where everyone’s individuality is respected and everyone has an Identity. In recruiting for new colleagues, we welcome the unique contributions you can bring and encourage you to be your best self.

We are an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.

Information Security Auditor

Apply for this Job