IT Security Auditor

Job Summary:

The Information Security Auditor will be responsible for evaluating and assessing the security of the organization's information systems, ensuring compliance with internal policies, industry standards, and regulatory requirements. This role involves identifying vulnerabilities, recommending improvements, and providing guidance on best practices to protect sensitive data and mitigate security risks and working closely with various departments

Key Responsibilities:

• Conduct comprehensive security audits of information systems, networks, and applications.
• Evaluate the effectiveness of security controls and ensure compliance with relevant laws, regulations, and industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA, SAR, DPDP, SOC2).
• Identify and document security vulnerabilities and risks, and recommend appropriate remediation actions.
• Develop, implement, and maintain audit plans, procedures, and documentation.
• Collaborate with IT and other departments to ensure security controls are integrated into business processes.
• Monitor and review security policies, procedures, and practices to ensure they are up-to-date and effective.
• Perform risk assessments and provide recommendations for improving the overall security posture of the organization.
• Prepare detailed audit and BIA reports, including findings, risks, recommendations for remediation, and management responses. Present findings to management and relevant stakeholders.
• Stay current with the latest security trends, threats, and technologies.
• Assist in developing and delivering security awareness training programs.

Qualifications:

• Bachelor’s degree in Information Technology, Cybersecurity, Business Continuity Management, or a related field.
• Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ISO 27001 Lead Auditor,
• Strong understanding of information security frameworks (e.g., ISO 27001, NIST), risk management principles, IT audit methodologies processes.
• Excellent analytical skills with the ability to assess complex systems, identify vulnerabilities, and understand business impacts.