IT Security Auditor

Job Summary

The Information Security Auditor will be responsible for evaluating and assessing the security of the organization's information systems, ensuring compliance with internal policies, industry standards, and regulatory requirements. This role involves identifying vulnerabilities, recommending improvements, and providing guidance on best practices to protect sensitive data and mitigate security risks and working closely with various departments

Key Responsibilities

• Conduct comprehensive security audits of information systems, networks, and applications.
• Evaluate the effectiveness of security controls and ensure compliance with relevant laws, regulations, and industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA, SAR, DPDP, SOC2).
• Identify and document security vulnerabilities and risks, and recommend appropriate remediation actions.
• Develop, implement, and maintain audit plans, procedures, and documentation.
• Collaborate with IT and other departments to ensure security controls are integrated into business processes.
• Monitor and review security policies, procedures, and practices to ensure they are up-to-date and effective.
• Perform risk assessments and provide recommendations for improving the overall security posture of the organization.
• Prepare detailed audit and BIA reports, including findings, risks, recommendations for remediation, and management responses. Present findings to management and relevant stakeholders.
• Stay current with the latest security trends, threats, and technologies.
• Assist in developing and delivering security awareness training programs.

Qualifications

Skills Required

Gdpr, SAR, Hipaa, Cisa, SOC2, Iso 27001, nist, Cism