Principal Internal Auditor
Boston, Massachusetts
Shorelight Education is reinventing the international education experience for both students and universities. In partnership with leading U.S. institutions, we build innovative degree programs — whether on campus or cloud-based, in the United States or students’ home countries — that help students thrive and create a new generation of successful, globally minded alumni.
The Principal Internal Auditor will participate in the performance of audits globally, focusing specifically on fieldwork, risk assessment, and testing the internal control environment; on reviews of business processes and internal controls using a risk-based audit methodology; and on validating compliance with Shorelight’s information security policies. This integral role within the organization includes these core functions: own and deliver an internal audit program; identify and report on compliance with company policies and other business processes; identify risks, weaknesses, and areas of improvement; assign ownership of any corrective actions; and follow up the corrective action with the assigned owners to ensure it has been satisfactorily completed in accordance with company policies. The position requires travel to Shorelight sites both inside and outside the United States.
- Develop an internal information security audit program, with an initial focus on validating Shorelight’s IT security policies and processes, its Information Security Management System (ISMS), and company compliance with ISO27001 and the Family Educational Rights and Privacy Act of 1974 (FERPA)
- Carry out the internal audit program; produce timely and meaningful audit reports of the findings; identify any business risks, weaknesses, or areas for improvement; and agree on corrective actions with assigned owners in legal, business and security functions
- Follow up corrective actions with assigned owners to ensure proper implementation and to provide guidance
- Develop audit metrics, including the reporting of audit findings to the Security Forum
- Identify, record, and document thoroughly all audit findings and corrective actions
- Work with the Chief Information Officer, IT Security Team, Security Forum, and other business partners to define and/or refine the internal audit program
- Use the findings from internal audits to identify the root cause and work collaboratively with other business partners to improve policies and processes to ensure best practice
- Comply with Shorelight Written Information Security Policy and all other Shorelight Information Security Policies and Procedures
- Take responsibility for any Shorelight assets assigned to you
- Promptly report any security events, incidents, or weaknesses to Shorelight Security
- Proficiency in evaluating and testing internal controls and applying risk-based audit skills
- 5+ years of experience in a similar relevant role
- Willingness to learn the ISO27001 security controls and auditing ISMS
- Working knowledge of FERPA requirements
- Experience in writing clear, concise, and comprehensive audit reports
- Clear and effective verbal and written communication skills, with an ability to use data to inform and report on audit findings and metrics at executive level
- Demonstrated understanding of sensitivity of confidential information
- Eligibility to work in, and travel freely to and from, the United States without sponsorship
- Ability to collaborate with stakeholders
- Curious enough to ask probing questions and challenge the status quo while maintaining a respectful attitude toward others’ approaches
- Passion for emerging technologies and IT security best practice
To apply for this position, please visit the Shorelight Careers page to submit an application with a resume and cover letter.
Background Check Required: Education, Criminal, Identity
Shorelight Education is an Equal Opportunity Employer.