Cybersecurity Auditor

Who We Are

At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role

We're looking for a Cybersecurity Auditor professional to join our team and perform risk-based, objective, and independent cybersecurity audits of enterprise systems, infrastructure, and security controls.

In this role, you’ll implement a cybersecurity audit framework to give reasonable assurance of design and effectiveness of IT controls, perform all phases of the cybersecurity audit engagements, including, but not limited to, planning and scoping, identification and evaluation of risks and opportunities, developing and conducting testing to evaluate the design and the effectiveness of processes and controls, identifying and reporting findings, suggesting recommendations for improvements to Kyndryl’s processes and systems and following up with audit client remediations.

You'll be responsible for providing strong analytical and critical thinking skills to identify root cause of issues and develop recommendations to improve security posture and analyze complex problems, anticipate potential risks and impacts.

With mastery, you'll understand and execute the audit process using a risk-based audit approach, understand the objective, perform analysis of the process and associated risks, develop and conduct formal testing to determine if controls are effective to mitigate or manage risks, communicate the impact for achieving objectives, and develop recommendations, preparing a final report that communicates an effectiveness status for each risk

At Kyndryl, your contributions matter. We value your insights and ideas, and you'll play a pivotal role in shaping our Audit Organization for the better.

Your Future at Kyndryl
Every position at Kyndryl offers a way forward to grow your career. We have opportunities that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here.

Who You Are

You’re good at what you do and possess the required experience to prove it. However, equally as important - you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused - someone who prioritizes customer success in their work. And finally, you’re open and borderless - naturally inclusive in how you work with others.

Required Technical and Professional Expertise
- An undergraduate or master’s degree preferably in one of the following areas: Information Security, Information Systems, Computer Science
- Experience in leading cybersecurity audits/reviews and performing security assessments for a global organization
- Direct experience related to cybersecurity, risk management or IT audits
- Possession of at least one of the following certifications: CISA, CISM, CISSP, or other relevant certification
- Strong knowledge of cybersecurity regulations, laws, and standards
- Familiar with frameworks such as COBIT, ISO 27001/2, NIST, SOX, and General security practices
- Strong knowledge and understanding of cybersecurity processes and concepts (e.g., incident response, software development, security governance, cloud computing, SDLC, vendor risk management, penetration testing, vulnerability management, disaster recovery, segregation of duties, auditing and logging, physical security, access management, configuration management)
- Effectively and professionally presents and communicates issues, risks and technical information in a clear and concise manner to technical and non-technical audiences in English and Portuguese
- Excellent time management skills

Preferred Technical and Professional Expertise
- Knowledge of security, internal controls, audit and risk management frameworks and concepts, e.g. ISO27000, COSO, NIST, Cobit, IPPF, ITIL
- Possession of IT or audit area certifications: CISA, CISSP, CRISC, CCSK, CDPSE, CAC, OSCP, CKA, CGEIT, CISM, CRISC, ITIL, CIA, CPA, CRMA, ISO, QSA, PCI, for particular platforms, e.g. from Microsoft, Amazon, Google, IBM, Cisco or other relevant certification
- Led team of IT auditors in particular audit engagements

Being You

Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you - and everyone next to yo