Information Security Specialist

Information Security & IT Audit Specialist

Basic Information

Job Title: Information Security & IT Audit Specialist

Department: IT Governance & Risk Management

Location: [Specify Location]

Reports To:

Role Summary

Responsible for ensuring the organization's information security posture and IT audit compliance. The role involves conducting risk assessments, implementing security controls, performing IT audits, and ensuring adherence to regulatory standards. The candidate must hold CISA certification and have strong experience in security governance and audit frameworks.

Key Responsibilities

Develop and maintain information security policies and procedures.

Conduct IT audits to assess compliance with internal and external standards.

Perform risk assessments and recommend mitigation strategies.

Monitor and evaluate security controls and ensure effectiveness.

Collaborate with IT teams to remediate audit findings and security gaps.

Ensure compliance with regulatory requirements such as ISO 27001, PCI-DSS, and GDPR.

Prepare detailed audit reports and present findings to senior management.

Lead incident response and forensic investigations when required.

Key Interactions

IT Operations Team

Risk Management Team

Compliance Department

External Auditors

Knowledge & Experience

Bachelor's degree in Information Technology, Cybersecurity, or related field.

CISA certification is mandatory; additional certifications like CISSP or CISM are preferred.

5+ years of experience in Information Security and IT Audit.

Strong understanding of security frameworks (ISO 27001, NIST, COBIT).

Experience with vulnerability assessment tools and audit software.

Competencies & KPIs

Analytical and problem-solving skills.

Attention to detail and accuracy in audit reporting.

Ability to manage multiple audits and security projects simultaneously.

Effective communication and stakeholder management skills.

KPIs: Number of audits completed, compliance score, incident response time.

Behavioral Competencies

Integrity and ethical conduct.

Proactive approach to problem-solving.

Ability to work under pressure and meet deadlines.

Collaboration and team orientation.

Continuous learning mindset.