Overview:
We are seeking a highly skilled and experienced Information Security Auditor to join our dynamic team. The ideal candidate will be responsible for executing comprehensive information security audits to assess the effectiveness of our organizations’ security controls and processes. The Senior Information Security Auditor will play a crucial role in identifying vulnerabilities, recommending improvements, and ensuring compliance with industry standards and regulations.
Responsibilities:
Audit Planning and Execution:
Support the planning, execution, and management of information security audits, including risk assessments and scoping.
Conduct thorough reviews of security policies, procedures, and technical controls.
Risk Assessment:
Identify and evaluate potential security risks and vulnerabilities, and provide recommendations for risk mitigation.
Collaborate with cross-functional teams to assess the impact of identified risks on business operations.
Compliance and Standards:
Ensure compliance with relevant laws, regulations, and industry standards.
Keep abreast of changes in the regulatory environment and recommend adjustments to audit processes accordingly.
Report Generation:
Prepare clear and concise audit reports outlining findings, recommendations, and remediation plans.
Communicate audit results to senior management and provide guidance on security best practices.
Collaboration:
Collaborate with internal teams to promote a culture of security awareness and compliance.
Support communication with other cross-functional departments to address security concerns and implement solutions.
Continuous Improvement:
Support continuous improvement initiatives related to information security processes and controls.
Stay current with emerging security threats and technologies to enhance audit methodologies.
Qualifications:
Bachelor's degree in Information Security, Computer Science, or a related field.
Certified Information Systems Auditor (CISA) or equivalent certifications.
Proven experience in information security auditing, risk management, and compliance.
Strong understanding of industry standards such as ISO 27001, NIST, and GDPR.
Skills:
Proficient in using industry-standard audit tools and methodologies.
Strong technical background in information security and familiarity with networking, operating systems, and security technologies.
Ability to analyze complex systems and processes to identify vulnerabilities and risks.
Excellent verbal and written communication skills for preparing reports and interacting with stakeholders.
Effective project management skills for planning and executing audits within established timelines.
In-depth knowledge of regulatory requirements and industry standards related to information security.
Commitment to staying current with evolving security threats and technologies.