Job Description:
The primary responsibility of this role will be to support our client's auditing efforts, ensuring compliance with ISO 27000 series standards and Sarbanes-Oxley Act (SOX) regulations.
Key Responsibilities:
- Conduct thorough audits of our client's systems, processes, and controls to ensure compliance with ISO 27000 series standards and SOX regulations.
- Review and assess information security policies, procedures, and documentation to identify any gaps or areas for improvement.
- Perform risk assessments to identify potential security vulnerabilities and recommend appropriate mitigation strategies.
- Evaluate the effectiveness of security controls and make recommendations for enhancements or modifications as necessary.
- Collaborate with internal teams and stakeholders to communicate audit findings and provide guidance on remediation efforts.
- Prepare comprehensive audit reports detailing findings, observations, and recommendations for corrective actions.
- Stay abreast of industry trends, best practices, and regulatory changes related to information security and compliance.
- Maintain accurate and up-to-date documentation of audit activities, findings, and resolutions.
Qualifications:
- Bachelor's degree in Information Technology, Computer Science, or related field.
- Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or equivalent.
- Proven experience in conducting audits and assessments of information security controls, preferably within the context of ISO 27000 series and SOX compliance.
- Strong understanding of information security principles, standards, and frameworks, including ISO 27001, ISO 27002, and SOX.
- Familiarity with auditing tools, techniques, and methodologies.
- Excellent analytical and problem-solving skills, with the ability to identify and address security risks effectively.
- Strong communication and interpersonal skills, with the ability to explain complex technical concepts to non-technical stakeholders.
- Ability to work independently and manage multiple tasks concurrently, while adhering to strict deadlines.