IT Auditor

Loricca is a national provider of IT Security and Regulatory Compliance Solutions. Loricca delivers flexible and innovative solutions through world-class technical services combined with industry best practices. Loricca’s highly talented team brings many years of experience delivering successful solutions to commercial enterprises and government agencies. The protection of critical and sensitive information is at the forefront of many corporate initiatives.

Loricca is looking to add to its team of security and compliance professionals. The role involves a limited amount of travel. Each project requires minimal time onsite at the client facility, with the majority of the work and deliverables completed offsite at Loricca facilities.

This job description indicates the general nature and level of work performed by employees within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees in this job. The incumbent of this position is also expected to undertake other duties not listed in this job description, as directed by their manager, that can be deemed reasonable within the scope of their role. Loricca, Inc. is an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, or religion/belief.

Reporting to the Senior Director of Security Compliance, the IT Auditor will have the opportunity to influence the strategic direction and organizational structure of a new department. The ideal candidate will have experience performing audits in the ISO 27001, PCI DSS, and HIPAA frameworks.

Essential Functions

  • Perform ISO 27001, PCI DSS, and HIPAA internal audits and monitor gap remediation efforts
  • Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change
  • Regularly interact with all levels of management to present and discuss audit results and obtain gap remediation status
  • Maintain a catalog of all internal security controls across the enterprise to include their mapping to the above security frameworks
  • Perform periodic security risk assessments and advise business stakeholders on best practices to reduce risk and overall breach profile
  • Audit day-to-day security operations and high-visibility business processes
  • Self-assessment program and assess the efficacy of evidentiary.
  • Review and coordinate changes to information security policies, procedures, and standards in an ISO 9001 continuous improvement model

Knowledge, Skills, and Abilities

  • Established work history with increasing responsibilities in the field of Information Assurance
  • IT audit experience in the ISO 27001, PCI DSS, and HIPAA frameworks
  • Understanding and established work history with the PCI DSS and HIPAA
  • Ability to lift and move items weighing up to 50 lbs. without assistance
  • 30% Travel

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all duties, responsibilities, and skills.

Education and Experience

  • Higher education in the field of Computer Science or Information Assurance; equivalent work experience is acceptable
  • Desired certifications: PCIP, ISA/QSA, CISSP, CISA, CISM, and related IT Information Certifications

To apply, please forward your resume to