IT Auditor, Application Security

External
Global Relay · Vancouver, Canada
Full-time · On-site · 4d ago
Application Security · CI/CD · Compliance · DevSecOps · Information Security · Leadership

About the role

For over 25 years, Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving, surveillance, eDiscovery, and analytics solutions. We securely capture and preserve the communications data of the world's most highly regulated firms, giving them greater visibility and control over their information and ensuring compliance with stringent regulations.

Though we offer competitive compensation and benefits and all the other perks one would expect from an established company, we are not your typical technology company. Global Relay is a career-building company. A place for big ideas. New challenges. Groundbreaking innovation. It's a place where you can genuinely make an impact - and be recognized for it.

We believe great businesses thrive on diversity, inclusion, and the contributions of all employees. To that end, we recruit candidates from different backgrounds and foster a work environment that encourages employees to collaborate and learn from each other, completely free of barriers.

Your role: Reporting to the Vice President, Finance, as the IT Auditor - Application Security, you will evaluate the design and operating effectiveness of controls related to application security, secure software development, and DevSecOps practices across the software development lifecycle (SDLC). You will assess how security controls and secure development practices are implemented across engineering, security, and operational environments, identifying risks, evaluating control effectiveness, and providing actionable, risk-based recommendations to strengthen Global Relay's overall security posture.

As part of the Internal Audit function, you'll work cross-functionally with Engineering (Developers & DevOps), Information Security, IT Operations, and Product teams to understand technical implementations and independently assess the effectiveness of application and technology security controls within the environment. You'll primarily focus on application and secure development practices while also supporting broader technology and security audit activities where required.

Responsibilities

  • Assess application security and engineering programs, policies and software development governance practices
  • Evaluate the secure software development lifecycle (SDLC) and DevSecOps practices, including the integration of security controls within the CI/CD pipelines and alignment to industry frameworks such as OWASP
  • Evaluate secure coding practices across engineering and development teams including the use of AI in development processes
  • Review and analyze application security testing activities and outputs including SAST, DAST, API security testing, container security scanning and manual security testing results
  • Assess vulnerability management and penetration testing processes, including identification, prioritization, remediation, validation, exception handling and reporting practices
  • Review the maturity and security of automation practices and controls across virtualized and container environments
  • Identify recurring security findings, systemic risks and broader control weaknesses across applications, infrastructure and supporting technology environments
  • Participate in risk-based audit planning activities, including audit scoping, risk assessments, and control identification for technology and security audits
  • Perform testing and validation of application and technology security controls to assess their design and operating effectiveness
  • Document audit observations, risk impacts, root causes and control deficiencies and develop practical, risk-based recommendations for improvement
  • Prepare and communicate audit findings and technical assessments to both technical and non-technical stakeholders, including Engineering, Security, Product, IT Operations and leadership teams
  • Prepare and deliver presentations, reports, and supporting materials to communicate audit activities, findings, technical assessments, and recommendations to management and relevant stakeholders
  • Support audit issue tracking, remediation, validation and follow up activities to assess the effectiveness and timeliness of corrective actions
  • Stay informed of emerging threats, vulnerabilities, technologies and industry trends related to application security and secure development practices

About You

  • 3-5 years of experience in IT Audit, Application Security, Cybersecurity, DevSecOps, Software Engineering or Technology Risk
  • Experience evaluating application security controls and secure software development practices within the software development lifecycle (SDLC) and DevSecOps environments
  • Familiarity with a
