About The Role
The ISO Lead Auditor works independently and collaboratively to lead and execute Stage 1 audits for clients preparing for certification. In this role, you will be responsible for assessing readiness, identifying gaps, and ensuring alignment with information security and privacy management standards.
Reports to:
Managing Consultant
Pay Classification:
Full-Time
Responsibilities
- Review the client’s documented Information Security Management System (ISMS) and Privacy Information Management System (PIMS)
- Evaluate the scope of the management system, including boundaries, applicability, and exclusions
- Assess the client’s understanding of ISO/IEC 27001 and ISO/IEC 27701 requirements, including risk assessment and treatment processes
- Verify that internal audits and management reviews have been planned and/or conducted
- Confirm the allocation of resources and roles for implementing and maintaining the ISMS/PIMS
- Identify areas of concern that could be classified as nonconformities in Stage 2
- Determine the client’s readiness for Stage 2 audit and provide recommendations
- Analyze policies, procedures, risk registers, asset inventories, and data flow diagrams
- Ensure documentation aligns with clauses and controls in Annex A of ISO/IEC 27001 and Annex B of ISO/IEC 27701
- Evaluate risk assessment methodology and risk treatment plans
- Review Statement of Applicability (SoA) and control implementation
- Assess alignment with clauses 4–10 (context, leadership, planning, support, operation, performance evaluation, and improvement)
- Assess mapping of privacy controls to applicable jurisdictions
- Review roles of PII Controllers and PII Processors
- Evaluate privacy risk assessments and data subject rights handling
- Prepare detailed Stage 1 audit reports with findings, observations, and recommendations
- Communicate audit outcomes to clients and internal stakeholders
- Collaborate with the audit team to plan Stage 2 activities based on Stage 1 results
Minimum Qualifications
Education
- Bachelor’s Degree in Information Security or related discipline, preferred but not required
Experience
- Minimum 2-3 years of experience conducting ISMS/PIMS audits
- Strong understanding of data protection regulations (e.g., GDPR, CCPA)
Certifications
- Certified Lead Auditor in ISO/IEC 27001 and ISO/IEC 27701
Skills
- Ability to meet deadlines with a high degree of motivation
- Excellent analytical, communication, and report-writing skills
- Thrives in a fast-paced environment
- Ability to work individually as well as collaboratively
Benefits
- Healthcare, Dental, and Vision Benefits
- Employer Paid Personal Accident Insurance
- Competitive Bonus Structure
- Home Office Reimbursement
- Certification Reimbursement
- Personalized Career Coaching
- Paid Office Closure December 25-January 1
- Generous Paid Time Off
- Summer Hours
About A-LIGN
A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com.
Come Work for A-LIGN!
Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on LinkedIn. A-LIGN is an Equal Opportunity Employer.