A Day in the Life of an Information Security Senior Auditor

Being an Information Security Senior Auditor brings different challenges every day. Whether she’s helping conduct assessments or evaluating risk at CIS, Stephanie uses her analytical skills and collaborative nature to get the job done. She relies on multiple teams at CIS to organize evaluations and gain a deep understanding of cybersecurity compliance. Keep reading to learn more about how Stephanie has helped the CIS team grow as an Information Security Senior Auditor.

Please share a brief overview of what you do as an Information Security Senior Auditor.

As an Information Security Senior Auditor, I work with various teams to support governance, risk, and compliance within CIS.

How long have you worked at CIS?

I started with CIS in February 2019

What education/background do you have that helped you get your position at CIS?

I have a Masters from George Washington University in Cybersecurity Policy and Compliance. I am certified as an Information Systems Auditor (CISA) and a Fraud Examiner (CFE). My first experience with information security began as a research analyst performing due diligence investigations for financial, private, and government institutions. I transitioned to the financial industry where I became an Internal Auditor focusing mainly on compliance and operation audits from a risk-based approach. Prior to joining CIS, I worked with a global organization as the US Information Security Compliance Officer, which included active functions within governance, risk, and compliance.

What are 5 daily tasks you do as an Information Security Senior Auditor?

  1. Communicating with internal and external stakeholders
  2. Performing risk assessments
  3. Performing regulatory assessments
  4. Evaluating organizational risk
  5. Evaluation of organizational compliance with applicable laws and regulations

What is your favorite part about being an Information Security Senior Auditor?

As the role of auditor, you are exposed to multiple areas within the organization providing further insight on how the organization functions.

What advice would you give a prospective Information Security Senior Auditor?

Always be willing to learn. The environment is constantly shifting and it is critical that as an auditor you understand the environment.

If you could describe your job in 3 words, what would they be?

Collaborative. Methodical. Impactful.

What is a skill or habit that has helped you in your current role?

Some key elements that have helped along the way have been continuous learning, open to new challenges, as well as asking lots of questions.

What has surprised you about being an Information Security Senior Auditor?

The ability and willingness of the teams to work on creating secure working environments.

How would you describe the company culture?

The culture at CIS is open and collaborative among the teams. Everyone has been great to work with. All employees are encouraged to further develop their skill set.  With that knowledge and experience, employees are able to contribute to the future of CIS as a growing organization.