ISO 27001 Auditor

We are seeking a qualified and experienced ISO 27001 Auditor to assess, monitor, and improve our Information Security Management System (ISMS) in accordance with the ISO/IEC 27001 standard. The ideal candidate will have a strong understanding of information security principles and best practices and will be responsible for performing internal audits, supporting certification audits, and ensuring continuous improvement of the ISMS.

Key Responsibilities:

• Plan, conduct, and report on internal audits of the ISMS as per ISO/IEC 27001 requirements.
• Identify non-conformities, risks, and improvement opportunities and follow up on corrective actions.
• Assist in maintaining ISO 27001 certification by ensuring compliance with applicable controls and standards.
• Provide guidance on the implementation and effectiveness of security controls across departments.
• Work closely with stakeholders to ensure risk assessments, asset management, and security policies are up to date.
• Support third-party audits and liaise with external auditors and certification bodies.
• Keep abreast of regulatory changes and developments in information security standards.
• Assist in training staff on ISO 27001 awareness and internal audit procedures.
• Document audit findings, prepare audit reports, and present results to management.

Requirements:

Education & Experience:

• Bachelor’s degree in Information Security, Computer Science, IT, or a related field.
• Minimum [2–5] years of experience in information security or compliance.
• Proven experience conducting ISO 27001 audits.

Certifications (preferred or required):

• Certified ISO/IEC 27001 Lead Auditor or Internal Auditor (e.g., PECB, IRCA, BSI, or equivalent).
• Other relevant certifications (CISA, CISSP, CISM) are a plus.