Internal Auditor auditing information security management systems and following up on audit findings. Engaging with external auditors and ensuring compliance with relevant standards.
About the role
- Sr. Internal Auditor focusing on IT compliance and risk management for ISO 27001 standards. Leading internal audits and preparing for external certifications for a tech company.
Responsibilities
- Plan, execute, and report on internal audits to evaluate the effectiveness, adequacy, and compliance of the organization’s Information Security Management System (ISMS) for both product ISMS and internal ISMS as per ISO 27001:2022 standards.
- Conduct regular SOX activities, ITGC testing, and other IT audits as required.
- Identify gaps, assess risks, and recommend corrective and preventive actions to support continuous improvement and readiness for certification and surveillance audits.
- Develop and implement a risk‑based annual internal audit plan for ISMS, including audit frequency, scope, and objectives; map audit activities to the 93 controls in ISO 27001:2022 Annex A.
- Conduct comprehensive ISMS internal audits covering Clauses 4–10 and Annex A controls, including technical areas (encryption, network security, access control) and organizational controls (policies, HR security).
- Review ISMS documentation such as Scope, Policies, SOA, Risk Assessment, etc., for completeness and conformance to ISO 27001 requirements.
- Prepare detailed audit reports for senior management and the Board, highlighting non‑conformities, opportunities for improvement, and corrective action recommendations.
- Track remediation of findings, follow up with stakeholders, and verify implementation of corrective actions.
- Collaborate with process owners and IT management to foster a proactive security and compliance culture.
- Provide expert guidance on ISO 27001 requirements, interpretation of controls, and best practices for certification readiness.
- Prepare the organization for external certification and surveillance audits, managing documentation, alignment, and audit readiness.
- Conduct interviews and walkthroughs with process owners and SMEs using a consultative and evidence‑based approach.
- Facilitate development of audit observations, recommendations, and corrective actions; escalate issues as appropriate.
- Maintain communication with external auditors, ensuring alignment on scope, timelines, and observations.
- Perform special audits as assigned by Senior Management or the Audit Committee.
- Use data, metrics, and analytics to inform audit conclusions and support decision‑making. Uphold the firm’s Code of Ethics and Business Conduct in all audit activities.
Requirements
- Bachelor’s degree in Information Technology, Computer Science, Information Security, or a related field.
- 6+ years of experience in IT auditing with strong exposure to ISO 27001 implementation or auditing.
- Strong technical understanding of: ISO/IEC 27001:2022, ISO/IEC 27002:2022 Risk management frameworks IT General Controls (ITGCs) Cloud infrastructure, IAM, data protection mechanisms
- Ability to conduct technical and organizational control testing with strong documentation and reporting skills.
- Experience in Big 4 or large audit consulting environments highly desirable.
- Strong communication, stakeholder management, and audit execution skills.
- Ability to work independently and manage multiple audits in a fast‑paced environment.
- Mandatory Certification: ISO 27001 Lead Auditor or Internal Auditor (CQI/IRCA or equivalent)
- Preferred Certifications: CISA, CISM, CISSP
Benefits
- Competitive salary
- Flexible working hours
- Professional development opportunities
- Health insurance
- Paid time off
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Auditor(a) Interno(a) Sênior at Central Sicredi in Porto Alegre. Focused on evaluating strategic priorities and managing internal audit tasks.
Auditor/a Tricualificado en ISO 9001, 14001 y 45001 en Bureau Veritas. Ejecutando auditorias, ofreciendo información a clientes y evaluando sistemas de cumplimiento.
Night Auditor managing reception operations at Meliá Hotels International in Menorca. Ensuring guest satisfaction and handling all administrative tasks during night hours.
Senior Auditor at Sanlam Group performing internal audits and control effectiveness evaluations. Engage with management on audit findings and supervise internal auditors.
Auditor role in Sanlam's Group Internal Audit team, focusing on internal controls and external auditor liaison. Requires relevant auditing experience and accounting degree.
Senior Executive auditing medical claims for healthcare to ensure documentation accuracy and compliance with CMS regulations. Collaborating with teams to improve claims processes and audit findings.
ID
Auditor for ISO management standards at Intertek, ensuring compliance in quality and environmental management. Working in Germany with flexible working hours and health promotion benefits.
Senior Auditor conducting audits in US Consumer and Commercial Banking for developing internal controls and compliance standards. Executing audit plans and collaborating with stakeholders for quality results.
Auditor conducting onsite audits for Bureau Veritas in Noida, India. Managing audit processes and ensuring compliance with client requirements.