ISA Auditor

Talent Smart
Posted a day ago, valid for 12 days
Location

Eastleigh, Hampshire SO50 9JD, England

Salary

£500 - £550 per day

Contract type

Full Time

By applying, a CV-Library account will be created for you. CV-Library's Terms & Conditions and Privacy Policy will apply.

Sonic Summary

  • We are looking for an experienced Internal Security Assessor to manage a third-party security audit consultancy.
  • Candidates should have at least 5 years of experience in managing or conducting security audits in a regulated environment.
  • The role offers a competitive salary of £60,000 to £70,000 per annum.
  • Key responsibilities include overseeing the audit process, coordinating internal resources, and ensuring compliance with security standards.
  • Relevant certifications such as CISA, CISM, or CISSP are highly desirable for applicants.

INSIDE IR35

Job Summary:
We are seeking an experienced Internal Security Assessor to oversee and manage a third-party consultancy conducting an external security audit. This role will act as the liaison between the client organization and the auditors, ensuring that the audit process runs smoothly, findings are addressed, and security standards are upheld. The ideal candidate will have strong security assessment skills, experience in managing external vendors, and the ability to coordinate internal resources to support the audit.

Key Responsibilities:

  1. Audit Management and Oversight:
    • Serve as the primary point of contact between the organization and the external security audit consultancy.
    • Plan, coordinate, and oversee all phases of the security audit, ensuring objectives and timelines are met.
    • Manage communication with the consultancy and internal stakeholders to ensure a clear flow of information.
  2. Internal Coordination and Preparation:
    • Collaborate with internal teams to gather necessary evidence, documentation, and data required for the audit.
    • Ensure internal processes, systems, and controls are well-documented and ready for audit scrutiny.
  3. Evaluation and Remediation:
    • Review audit findings and assess their accuracy, impact, and relevance to the organization.
    • Work with internal teams to develop and implement remediation plans for identified risks and vulnerabilities.
  4. Compliance and Standards:
    • Ensure the audit aligns with applicable regulatory frameworks and security standards, such as ISO 27001, PCI DSS, NIST, or GDPR.
    • Advise internal teams on security best practices to maintain a strong security posture.
    • Assist in ongoing efforts to improve security processes and governance.
  5. Reporting and Documentation:
    • Prepare detailed reports on audit progress, findings, and remediation plans for senior leadership.
    • Maintain accurate documentation of all audit-related activities, communication, and decisions.
    • Track post-audit actions to ensure continuous improvement and compliance.
  6. Stakeholder Management:
    • Engage and motivate cross-functional teams to participate in the audit process effectively.
    • Collaborate with senior management to ensure alignment between audit objectives and business priorities.

Qualifications and Skills:

  • Certifications:
    • Relevant certifications such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent are highly desirable.
  • Experience:
    • Proven experience managing or conducting security audits in a regulated environment.
    • Experience working with external audit consultancies or third-party vendors.
    • Strong knowledge of security frameworks, including ISO 27001, NIST, PCI DSS, or other relevant standards.
    • Familiarity with IT security controls, risk management, and compliance practices.
