ISO 27001 and IT Controls Auditor

Your role:

As an ISO 27001 and IT Controls Auditor, you will ensure security and compliance for our highly regulated customers in sectors such as finance, insurance, healthcare, and government. You will audit for compliance with ISO 27001, SOC 2, and other IT control frameworks, identify potential risks, and advise on remediation actions. Collaborating across both operations and commercial teams, you will maintain our high standards for security and compliance.

If you are passionate about IT audit, compliance, and contributing to a secure, compliant IT environment, we encourage you to apply!

Your responsibilities:

Duties and responsibilities, pertaining to ISO 27001 and SOC 2, include:

• Design and conduct comprehensive audits against the ISO 27001 framework, ensuring our information security management system (ISMS) meets regulatory requirements
• Review security policies, procedures, and controls, ensuring they align with ISO 27001 and SOC 2 requirements
• Lead internal audits and collaborate with external auditors for all regulatory certification processes
• Document and report audit findings, providing detailed recommendations for improving compliance and security posture
• Monitor changes in ISO and SOC frameworks, industry best practices, regulatory changes, ensuring the company continuously adapts its security and compliance strategies accordingly
• Compile test controls, document results, and prepare summary reports for senior management
• Maintain a schedule of audit activity, liaise with stakeholders, and participate in IT controls and business process audits
• Identify risks, control weaknesses, and provide improvement recommendations
• Benchmark processes and controls, collaborating with stakeholders to communicate findings to senior management
• Evaluate SOC 2 audit evidence collection, ensuring it meets external audit requirements

Duties and responsibilities pertaining to the IT Controls Audit:

• Audit and surveil key performance indicators (KPIs) for quality and completeness across multiple departments
• Review processes for delivering on customer commitments and identify opportunities for process improvements
• Review and contribute to the annual Privacy Impact Assessment to meet customer expectations
• Ensure contracted commitments are accounted for in policies, procedures, and KPIs
• Work collaboratively with stakeholders to create new processes to address emerging risks and control weaknesses
• Assist in the maintenance of business capability maps and privacy data maps for multiple departments, including Finance, Accounting, Human Resources, Marketing, and Business Development teams
• Evaluate the effectiveness of IT General Controls (ITGCs), including system access, change management, data backup, and disaster recovery processes
• Assess IT controls based on recognized frameworks like COBIT, NIST, and COSO, identifying gaps and areas for improvement in control environments
• Review IT system configurations, security patching, logging, and monitoring processes to ensure they comply with internal and external security standards
• Conduct risk assessments and develop audit plans to test critical IT and security controls for effectiveness
• Provide clear, actionable audit reports with prioritizations for remediation, supporting our IT and security teams in improving control effectiveness
• Collaborate with IT and engineering teams to ensure that security controls are embedded in systems development and operational processes
• Maintain awareness of emerging technologies and trends in cybersecurity and IT controls, ensuring that audit practices stay current

About you:

• 5+ years of IT auditing experience, including ISO 27001 and SOC 2 audits
• Proven experience in auditing IT General Controls (ITGCs) and application controls in complex IT environments
• Strong familiarity with frameworks such as ISO 27001, SOC 2, COBIT, NIST, and COSO, and strong knowledge of IT risk assessment, IT governance, and internal control concepts
• Experience in highly regulated sectors (e.g. finance, healthcare, government), is highly desirable
• Experience working with cloud infrastructure environments (e.g., AWS, Azure, GCP) and understanding cloud compliance controls
• Certifications such as ISO 27001 Lead Auditor, CISA, CISM, CISSP, or SOC 2 auditing certification are strongly preferred
• Excellent understanding of information security principles and IT compliance standards
• Proficiency in writing detailed audit reports, articulating technical findings, and making recommendations in a clear and concise manner
• Analytical mindset with strong attention to detail and the ability to think critically about complex technical issues
• High integrity and strong professional ethics to ensure impartiality, objectivity and confidentiality in audits
• Excellent communication skills, capable of presenting audit findings to technical and non-technical stakeholders and communicating with executives
• Collaborative, adaptable and open to continuous learning to stay current with evolving security risks and regulatory requirements
• Willingness to travel occasionally as needed