VMware recognizes that today’s students are tomorrow’s trailblazers and we value the opportunity to benefit from your fresh perspective. If you thrive in an open, innovative, technology-driven culture, VMware could be the place for you! You will be exposed to a wide range of software platform technologies that are utilized by customers all over the world.
VMware is the leader in virtualization and cloud infrastructure solutions that enable our more than 350,000 enterprise and SMB customers to thrive in the Cloud Era. A pioneer in the use of virtualization and automation technologies, VMware simplifies IT complexity across the entire data center to the virtual workplace, empowering customers with solutions in the software-defined data center to hybrid cloud computing and the mobile workspace.
Our team of 30,000+ people working in 50+ locations worldwide is committed to building a community where great people want to work long term by living our values of passion, innovation, execution, teamwork, active learning and giving back. If you are ready to accelerate and innovate, join us as we challenge constraints and problem solve for tomorrow today.
Job Role and Responsibilities:
Come be part of VMware’s InfoSec Operations Assurance team! The InfoSec Ops Assurance team focuses on Operational Assurance to increase the InfoSec maturity level at VMware by performing policy, common controls, critical vendor audits and extended support to customer audits.
The InfoSec IT Audit Analyst will be responsible for supporting all InfoSec Operations Assurance related strategies and initiatives that support the company’s core security objectives. The role will provide innovative advice to VMware’s stakeholders by providing risk based and objective assurance services to support regulatory, contractual obligations and process continuous improvements.
- Responsible for supporting the overall InfoSec Assurance strategy of protecting information assets and data.
- Supports new critical Information Assurance projects and initiatives.
- Supports the ongoing security compliance audits from customers and third-party vendor external information security assessments.
- Participates and supports internal policy assessments including but not limited to policy tests of compliance, effectiveness and developing value-added recommendations to improve internal IT controls and operational efficiency.
- Assess company processes and controls against ISO 27001, 27002, 27017, 27018 and other industry leading frameworks to identify gaps in design and execution and communicate issues and recommendations to control owners.
- Evaluates security practices in terms of risk to the organization and helps identify controls to mitigate loss.
- Work closely with management and business unit leaders, performing necessary due diligence to ensure the business units are correctly following the security policies and practices established by the company.
- Accurately interpret collected evidence to effectively identify, recommend, and report improvement opportunities for processes and controls.
- Properly document, prioritize and execute all security assurance related initiatives.
- Complete other related activities as needed to support corporate objectives.
- Pursing a Master’s degree (rising 2nd year) in Computer Science, Information Systems, or related field. MA in Cyber Security or Information Assurance preferred.
- Have a good understanding of the information technology industry and cloud service models (i.e. Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), etc.) and their related information security requirements.
- Familiarity with most common cloud services providers like Amazon AWS, Microsoft Azure, IBM Cloud, Google Cloud, etc.
- Awareness of SDLC processes and their related information security requirements
- Awareness of the project management process
- Excellent professional written, verbal and listening skills.
- Team player, flexible, and able to resolve conflicts.
- Experience working on PCI-DSS, HIPAA and SOX assessments is desirable
- Awareness of process automation and data analysis is desirable.
- Willing to pursue well known industry certifications such as Certified Information Services Auditor (CISA), Certified Information Security Manager (CISM), Certified Internal Auditor, Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) or Certificate of Cloud Security Knowledge (CCSK), etc.
- Basic development skills and understanding of programming and scripting languages like Python, Bash, Java and Power Shell is desirable.
Please note that while anyone with a legal right to work in the U.S. may apply for this role, VMware is not presently sponsoring work visas for the entry-level roles for which these Internships may prepare you
VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.