CenturyLink Information Security Auditor in Denver, Colorado

CenturyLink (NYSE: CTL) at http://www.centurylink.com is a global communications and IT services company focused on connecting its customers to the power of the digital world. CenturyLink offers network and data systems management, big data analytics, managed security services, hosting, cloud, and IT consulting services. The company provides broadband, voice, video, advanced data and managed network services over a robust 265,000-route-mile U.S. fiber network and a 360,000-route-mile international transport network. Visit CenturyLink at http://www.centurylink.com/ for more information.

Job Summary

The Information Security Auditor will coordinate and execute a variety of compliance audit controls to ensure compliance with Information Security Policy, industry standards, and various compliance standards such as SSAE 16, PCI, ISO 27001, FISMA, HIPAA, Red Flag, Safe Harbor, and others The Information Security Auditor assists in monitoring, testing, defining, and validating global processes within a team environment and coordinating external audit activities on a periodic basis. This role supports multiple compliance programs.

Third Party Risk Management (TPRM) is responsible for providing Enterprise wide services, including an operating model, policies, procedures, governance and oversight programs for all regions and countries where CenturyLink conducts business. The TPRM program has been established to respond to, and adhere to, new and existing regulatory guidelines and initiatives enabling CenturyLink to effectively assess and manage the risk introduced by engaging with third parties during the course of executing business activities.

The Information Security Auditor will have strong communication skills to facilitate working with internal customers of a wide variety of audiences. This person will also possess excellent organizational skills to ensure that the necessary documentation is retained for review by other organizations as appropriate.

Job Description

  • Work independently and as a member of a team to manage the execution of multiple security controls validations simultaneously with specific deadlines.

  • Document execution of information security controls and any findings identified during the control validation cycle.

  • Consult with controls owners such as system administrators, database administrators, application owners and others on developing complete and repeatable control processes including control documentation such as procedures, control evidence, narratives, control matrices, metrics reports, etc.).

  • Develop an understanding of each compliance standard and the validation requirements to satisfy the standards, including any policies, rules and regulations, or laws governing the area reviewed.

  • Consult with internal clients on information security topics, providing guidance on compliance with corporate policy, standards, procedures, and industry best practices.

  • Communicate findings or potential control gaps to management along with suggested remediation.

  • Assist with the education and training of control owners on compliance obligations.

  • Identify control deficiencies and/or process inefficiencies and assist in developing process improvements.

  • Other duties as designed.



  • Bachelors Degree in Computer Science, Information Systems, IT, Finance, or related field

  • 5 years of experience


  • Masters Degree

  • 2 years of experience


Bachelors or Equivalent in Computer Science or Information Systems

Masters or Equivalent

Alternate Location: US-Colorado-Broomfield; US-Colorado-Denver

Requisition # : 196817

This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/

EEO Statement

We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.


The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.