Information Security Auditor


Date: Feb 8, 2019

Location: Littleton, CO, US, 80120

About CenturyLink

CenturyLink (NYSE: CTL) is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world’s best networking company by solving customers’ increased demand for reliable and secure connections. The company also serves as its customers’ trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business.

Job Summary

The Information Security Auditor will coordinate and execute a variety of compliance audit controls to ensure compliance with Information Security Policy, industry standards, and various compliance standards such as SSAE 16, PCI, ISO 27001, FISMA, HIPAA, Red Flag, Safe Harbor, and others. The Information Security Auditor assists in monitoring, testing, defining, and validating global processes within a team environment and coordinating external audit activities on a periodic basis.  This role supports multiple compliance programs.

The Information Security Auditor will have strong communication skills to facilitate working with a wide variety of internal customers and audiences. This person will also possess excellent organizational skills to ensure that the necessary documentation is retained for review by other organizations as appropriate.

Job Description

  • Work independently and as a member of a team to manage the execution of multiple security controls validations simultaneously with specific deadlines.
  • Document execution of information security controls and any findings identified during the control validation cycle.
  • Consult with control owners such as system administrators, database administrators, application owners and others on developing complete and repeatable control processes, including control documentation (procedures, control evidence, narratives, control matrices, metrics reports, etc.).
  • Develop an understanding of each compliance standard and the validation requirements to satisfy the standards, including any policies, rules and regulations, or laws governing the area reviewed.
  • Consult with internal clients on information security topics, providing guidance on compliance with corporate policy, standards, procedures, and industry best practices.
  • Communicate findings or potential control gaps to management along with suggested remediation.
  • Assist with the education and training of control owners on compliance obligations.
  • Identify control deficiencies and/or process inefficiencies and assist in developing process improvements.
  • Other Physical Security responsibilities as required.



  • Bachelor's degree in Computer Science, Information Systems, IT, Finance, or related field, or 2-4 years of relevant experience. Additional years of relevant experience may be substituted for the bachelor’s degree.
  • Experience with Security controls and IT auditing.
  • Detail-oriented, with the ability to create and analyze detailed controls testing and metrics.
  • Hands-on experience in access administration/support, process management, compliance and/or audit.
  • Strong organizational, verbal and written communication skills.
  • Problem solving and analytical skills.
  • Knowledge of personal computers and related software to include word processing and spreadsheets.
  • Ability to travel domestically and internationally.  Travel is expected to be less than 25%.

Preferred Qualifications:

  • 1-2 years SSAE 16, AT-101 (SOC 1 / SOC 2), PCI, ISO, HIPAA, Privacy, NACHA, or SOX IT General Computer Controls auditing or similar audit experience.
  • Professional/technical certifications such as CISA, CISSP, GSEC, or CISM or willingness to pursue.
  • Experience with managed hosting, networking, large scale IT technology, or data center environments.
  • Knowledge of information security industry and regulatory obligations.
  • Knowledge of project management practices.
  • Hands-on experience with regulatory data privacy and protection.
  • Experience with compliance/vulnerability tools (e.g. RSAM, RSA Archer).


Alternate Location: US-Colorado-Littleton

Requisition #: 210198

This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at 

EEO Statement

We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”).  We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.


The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.  Job duties and responsibilities are subject to change based on changing business needs and conditions.

Nearest Major Market: Denver

Job Segment: Audit, Information Security, Corporate Security, Engineer, Finance, Technology, Security, Engineering
