ISA Auditor

Posted 14 hours 20 minutes ago by Talent Smart Limited

Contract
Not Specified
Other
Hampshire, Eastleigh, United Kingdom, SO500
Job Description

Job Summary:
We are seeking an experienced Internal Security Assessor to oversee and manage a third-party consultancy conducting an external security audit. This role will act as the liaison between the client organization and the auditors, ensuring that the audit process runs smoothly, findings are addressed, and security standards are upheld. The ideal candidate will have strong security assessment skills, experience in managing external vendors, and the ability to coordinate internal resources to support the audit.

Key Responsibilities:

  1. Audit Management and Oversight:
    • Serve as the primary point of contact between the organization and the external security audit consultancy.
    • Plan, coordinate, and oversee all phases of the security audit, ensuring objectives and timelines are met.
    • Manage communication with the consultancy and internal stakeholders to ensure a clear flow of information.
    • Track the progress of the audit, address issues proactively, and ensure deliverables are achieved to high standards.
  2. Internal Coordination and Preparation:
    • Collaborate with internal teams to gather necessary evidence, documentation, and data required for the audit.
    • Ensure internal processes, systems, and controls are well-documented and ready for audit scrutiny.
    • Coordinate technical teams, including IT, security, and compliance, to respond promptly to audit queries.
  3. Evaluation and Remediation:
    • Review audit findings and assess their accuracy, impact, and relevance to the organization.
    • Work with internal teams to develop and implement remediation plans for identified risks and vulnerabilities.
    • Provide guidance on prioritizing and addressing security gaps, ensuring compliance with industry standards.
  4. Compliance and Standards:
    • Ensure the audit aligns with applicable regulatory frameworks and security standards, such as ISO 27001, PCI DSS, NIST, or GDPR.
    • Advise internal teams on security best practices to maintain a strong security posture.
    • Assist in ongoing efforts to improve security processes and governance.
  5. Reporting and Documentation:
    • Prepare detailed reports on audit progress, findings, and remediation plans for senior leadership.
    • Maintain accurate documentation of all audit-related activities, communication, and decisions.
    • Track post-audit actions to ensure continuous improvement and compliance.
  6. Stakeholder Management:
    • Engage and motivate cross-functional teams to participate in the audit process effectively.
    • Collaborate with senior management to ensure alignment between audit objectives and business priorities.
    • Ensure transparency and clarity in all audit-related communication with both internal and external stakeholders.

Qualifications and Skills:

  • Education:
    • Bachelor's degree in Information Security, Computer Science, or a related field. A master's degree is a plus.
  • Certifications:
    • Relevant certifications such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent are highly desirable.
  • Experience:
    • Proven experience managing or conducting security audits in a regulated environment.
    • Experience working with external audit consultancies or third-party vendors.
    • Strong knowledge of security frameworks, including ISO 27001, NIST, PCI DSS, or other relevant standards.
    • Familiarity with IT security controls, risk management, and compliance practices.
  • Technical Skills:
    • Good understanding of IT systems, networks, cloud security, and related technologies.
    • Familiarity with vulnerability management, incident response, and access control processes.
    • Ability to evaluate technical security measures and translate them into business language.
  • Core Competencies:
    • Excellent project management and organizational skills to manage timelines and competing priorities.
    • Strong analytical and problem-solving skills to assess audit findings and recommend solutions.
    • Outstanding communication and interpersonal skills to interact with technical teams, leadership, and auditors.
    • Ability to remain calm under pressure and manage complex audit processes efficiently.