Job Title:
Information Security Auditor
-----------------------------------
Position Summary:
This position will work with clients to assess their policies, standards, and guidelines against industry standards such as ISO27001, NIST CSF, and CIS frameworks. The position will ensure clients meet compliance requirements and guide them in developing an improved security posture.
Responsibilities:
* Managing and delivering Information Security audit assignments.
* Defining the scope for Information Security audit assignments.
* Developing and quality-assuring security audit reports.
* Traveling to clients' offices and other group locations.
* Collaborating with clients to develop appropriate remediation plans.
* Teaming up with colleagues in other lines of services in support of client needs for Information Security Services.
* Following, maintaining, and improving Standard Operating Procedures (SOP).
* Achieving and maintaining any required professional certification.
* Researching best practices, developments, techniques, and trends in information security and determining relevance to client organizations.
* Providing clients with exceptional service in a professional, courteous, and timely manner.
* Other related duties as assigned.
Required Education/Credentials/Qualifications:
* Degree in Computer Science, Information Systems, Engineering, or a related major from an accredited University or equivalent College Diploma and related experience.
* ISACA CISA certification.
* A good understanding of Linux, Windows, and network security.
* Excellent written and oral communication skills in English.
* Ability to meet deadlines and deliver a high-quality product (reports).
* Strong attention to detail.
* Ability to work independently and to perform as a leader in a team environment.
* Minimum of 5 years of information security experience, ideally in a fast-paced, changing environment.
Preferred Skills:
* ISO27001 Lead Auditor, PCI QSA, ISACA CISM, SANS Certifications.
* Deep understanding of key information security program development, tool implementation, and information security concepts and frameworks.
* In-depth experience designing and implementing information security solutions.
* Understanding of information security frameworks such as ISO/IEC 27001:2022, COBIT, NIST CSF.
* Support team technical development (e.g., through service development or research) and contribute to company technical processes overall.
Travel Expectations:
Must be able to travel.