Sr. Internal Auditor - IT

Scope:

• Plan, execute, and report on internal audits to evaluate the effectiveness, adequacy, and compliance of the organization’s Information Security Management System (ISMS) for both product ISMS and internal ISMS as per ISO 27001:2022 standards.
• Conduct regular SOX activities, ITGC testing, and other IT audits as required.
• Identify gaps, assess risks, and recommend corrective and preventive actions to support continuous improvement and readiness for certification and surveillance audits.
• Provide strong expertise in information security controls, risk assessment methodologies, and audit best practices to strengthen the organization’s governance and compliance posture.

What You Will Do:

• Develop and implement a risk‑based annual internal audit plan for ISMS, including audit frequency, scope, and objectives; map audit activities to the 93 controls in ISO 27001:2022 Annex A.
• Conduct comprehensive ISMS internal audits covering Clauses 4–10 and Annex A controls, including technical areas (encryption, network security, access control) and organizational controls (policies, HR security).
• Review ISMS documentation such as Scope, Policies, SOA, Risk Assessment, etc., for completeness and conformance to ISO 27001 requirements.
• Prepare detailed audit reports for senior management and the Board, highlighting non‑conformities, opportunities for improvement, and corrective action recommendations.
• Track remediation of findings, follow up with stakeholders, and verify implementation of corrective actions.
• Collaborate with process owners and IT management to foster a proactive security and compliance culture.
• Provide expert guidance on ISO 27001 requirements, interpretation of controls, and best practices for certification readiness.
• Prepare the organization for external certification and surveillance audits, managing documentation, alignment, and audit readiness.
• Conduct interviews and walkthroughs with process owners and SMEs using a consultative and evidence‑based approach.
• Facilitate development of audit observations, recommendations, and corrective actions; escalate issues as appropriate.
• Maintain communication with external auditors, ensuring alignment on scope, timelines, and observations.
• Perform special audits as assigned by Senior Management or the Audit Committee.
• Use data, metrics, and analytics to inform audit conclusions and support decision‑making.
• Uphold the firm’s Code of Ethics and Business Conduct in all audit activities.

What We Are Looking For:

• Bachelor’s degree in Information Technology, Computer Science, Information Security, or a related field.
• 6+ years of experience in IT auditing with strong exposure to ISO 27001 implementation or auditing.
• Strong technical understanding of:
  • ISO/IEC 27001:2022, ISO/IEC 27002:2022
  • Risk management frameworks
  • IT General Controls (ITGCs)
  • Cloud infrastructure, IAM, data protection mechanisms
• Ability to conduct technical and organizational control testing with strong documentation and reporting skills.
• Experience in Big 4 or large audit consulting environments highly desirable.
• Strong communication, stakeholder management, and audit execution skills.
• Ability to work independently and manage multiple audits in a fast‑paced environment.

Certification:

• Mandatory Certification: ISO 27001 Lead Auditor or Internal Auditor (CQI/IRCA or equivalent)

• Preferred Certifications: CISA, CISM, CISSP

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.