Third Party Security and Privacy Auditor

At IBM Finance & Operations, we are the backbone of IBM's transformation driving efficiency, transparency, and smart decision-making across the business. Our teams provide the insight and discipline that guide strategy, ensure financial strength, and enable IBM to invest in innovation and growth. Working in Finance & Operations means combining analytical skills with collaboration and curiosity. You'll partner with colleagues across functions and geographies, using data, technology, and process excellence to create solutions that improve performance and deliver measurable impact. IBM offers continuous learning, career development, and a culture that values diverse perspectives. Join us and be part of a global team that keeps IBM moving forward, while building your own future in a dynamic and evolving environment.

Your role and responsibilities

The role involves understanding and executing independent information technology audits of IBM's Third-Party Supplier environments and processes to obtain reasonable assurance of effective information technology risk management controls, standards, and practices. It requires expertise in information security best practices, the identification of key internal and operational controls risks, and knowledge of delivery ecosystems and management processes to deliver high-quality, risk-based audits. As a Third Party Security and Privacy Auditor, you are required to apply the fundamentals of auditing, perform independent, end-to-end information technology risk-based audits, contribute to the production of audit reports that articulate risks clearly, and assist in the development of audit scopes and tests. A key skill is the ability to effectively communicate business impact analyses and remediation plans to key stakeholders. Candidate should also possess excellent project management and time management skills.
The role demands a range of expertise in on-premises and cloud-computing environments, including network security, application security, data center security, governance, identity and access management, data security, artificial intelligence, business continuity and disaster recovery, and cryptography management. As an auditor, you should also demonstrate an understanding of application security risks, system risk management, secure development life cycles, and knowledge of Software Build of Material analysis(SBOM).

Candidates that do not currently possess at least one of the required external certifications, you will be required to obtain a certification after three years in your role as an Internal Auditor.

Required education

Bachelor's Degree

Preferred education

Bachelor's Degree

Required technical and professional expertise

Deep knowledge of data security, data privacy, data handling, and data classification best practices.

Strong background in IT Security, Third-Party Risk, Fourth-Party Risk, nth Party Risk and Internal and Operational Risk.

Knowledge and experience implementing the following standards and frameworks e.g. COBIT, ITIL, ISO 27001, ISO 42001(AIMS), SOC1/2, PCI-DSS

Knowledge and experience implementing global privacy regulations, e.g. GDPR, CPRA, LGPD, HIPAA

EU Cybersecurity Regulation i.e. DORA

Ethical Hacking Experience

Ability to apply the fundamentals of auditing.

Familiarity with IBM AI Governance Model

Preferred technical and professional experience

CISM, CISA, CIA, CISSP, CDPSE, CTPRP, AAIA, CEH

At least one cloud foundational certification, e.g. IBM Cloud Certified Technical Advocate, AWS Cloud Practitioner, Microsoft Azure Fundamentals, Google Cloud Platform Foundational Certificate

Generative AI, AI Ethics, AI Baseline Governance

Strong project management skills and experience working in an Agile environment