Autodesk gives you the power to make anything.
Job Requisition ID #
Make an Impact -Join the Growing Autodesk Security Team!
Come join the Security team at Autodesk as a Lead Security and Compliance analyst and you will have the opportunity to gain valuable insight and experience with protecting high scale cloud services within a dynamic, energetic and rapidly changing environment. As a Lead Security and Compliance Analyst, you will be a part of a talented team that designs, builds and deploys secure, safe and trusted solutions that protect Autodesk and its customers. against advanced adversaries. You will have the opportunity to work across many teams including Sales, Privacy, Infrastructure, Legal, Engineering, and Operations. You will also support security initiatives by engaging various process owners in the design, documentation, implementation, and monitoring of IT controls in our environments, and helping demonstrating adherence to these controls with external auditors.
Ultimately, if you bring the passion and a positive attitude, you will have the opportunity to change the way we do things.
The Autodesk Security Compliance team is looking for someone who likes to be part of a team, is a motivated self-starter that is inspired by the idea of driving change within a rapidly growing environment.
- Lead in planning, scheduling and preliminary analysis for internal and external audit projects
- Help drive the Security Compliance strategy
- Establish baselines and synergies between various compliance frameworks (domestic and international)
- Ability to draft up Deficiency Memos detailing the gap, the impact of the gap, controls mappings that are affected, and remediation descriptions
- Develop value added recommendations to address issues
- Facilitate audit testing of SOX ITGC Controls with internal and external audit teams
- Coordinate audit activities across Autodesk, including the notification and scheduling for all affected parties of audit timing, scope, objectives, approach and deliverables
- Automate manual tasks around Security Assurance and Audits
- Work closely with external auditors and internal audit teams on managing and supporting audits
- Complete audit testing, inquiry, observation and other analysis required to meet objectives of audit projects
- Keep existing policies and procedures aligned with audit and security requirements
- Communicate the progress and results of audits throughout the engagement
- Monitor and assess the implementation of outstanding audit and security recommendations
- Request and review vendors auditing documentation to insure alignment with internal controls and provide assessments and recommendations
- Bachelor’s degree in Information Systems or related field, or equivalent experience
- Minimum 5 years of internal or external audit experience, with exposure to the following regulatory and compliance frameworks preferred: AT101 Type2 SoC1 and SoC2, ISO2700x, FedRamp, SOX, PCI DSS
- Experience running and executing SOX ITGC audits with specific experience in scoping financial systems for IT General Controls
- Knowledge base related to controlling and securing system platforms (including Unix and Windows), database platforms, endpoint platforms, and network infrastructures is preferred
- Understanding of Cloud industry technologies and IaaS, PaaS, SaaS platforms preferred. Ability to quickly acquire and apply knowledge of changing technologies implemented is essential
- Good understanding of audit process/methodology, and risk management/advisory ability
- Be flexible and have the ability to adapt to a changing environment, meet deadlines and handle multiple projects
- Have the ability to use a risk-based audit approach in evaluations of and recommendations for management processes
- Ability to present audit findings and recommendations in a manner that will be understood and accepted by all responsible parties
- Posses the tenacity to pursue difficult and sensitive issues to acceptable conclusion
- Excellent communication, interpersonal and time management skills
- Excellent analytical and organizational skills combined with the ambition, ingenuity and the ability to work as part of a team
- Knowledge of Amazon Web Services, Container and Serverless technologies is a plus
- Certified Information Systems Auditor (CISA) and/or Certified in Risk and Information Systems Control (CRISC) strongly preferred. Other certifications add value such as Certified in Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM), Certified Information Systems Security
- Professional (CISSP), CPA, and/or CIA. Privacy certifications such as CIPP(US/E) and CIPT are a plus
- The ability and desire to effectively promote ideas and collaborate between the various levels of the organization
- Demonstrated ability to learn quickly and take on new challenges
- Motivated, self-driven, and passionate about your work
- Be an innovative thinker
- Have the determination and ability to solve complex problems
- Be a true team player
- Possess the ability to bring structure to chaos
At Autodesk, we’re building a diverse workplace and an inclusive culture to give more people the chance to imagine, design, and make a better world. Autodesk is proud to be an equal opportunity employer and considers all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender, gender identity, national origin, disability, veteran status or any other legally protected characteristic. We also consider for employment all qualified applicants regardless of criminal histories, consistent with applicable law.
Are you an existing contractor or consultant with Autodesk? Please search for open jobs and apply internally (not on this external site). If you have any questions or require support, contact Autodesk Careers.