Description

Job Description:

The primary responsibility of this role will be to support our client's auditing efforts, ensuring compliance with ISO 27000 series standards and Sarbanes-Oxley Act (SOX) regulations.

 

Key Responsibilities:

  1. Conduct thorough audits of our client's systems, processes, and controls to ensure compliance with ISO 27000 series standards and SOX regulations.
  2. Review and assess information security policies, procedures, and documentation to identify any gaps or areas for improvement.
  3. Perform risk assessments to identify potential security vulnerabilities and recommend appropriate mitigation strategies.
  4. Evaluate the effectiveness of security controls and make recommendations for enhancements or modifications as necessary.
  5. Collaborate with internal teams and stakeholders to communicate audit findings and provide guidance on remediation efforts.
  6. Prepare comprehensive audit reports detailing findings, observations, and recommendations for corrective actions.
  7. Stay abreast of industry trends, best practices, and regulatory changes related to information security and compliance.
  8. Maintain accurate and up-to-date documentation of audit activities, findings, and resolutions.

 

Qualifications:

  1. Bachelor's degree in Information Technology, Computer Science, or related field.
  2. Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or equivalent.
  3. Proven experience in conducting audits and assessments of information security controls, preferably within the context of ISO 27000 series and SOX compliance.
  4. Strong understanding of information security principles, standards, and frameworks, including ISO 27001, ISO 27002, and SOX.
  5. Familiarity with auditing tools, techniques, and methodologies.
  6. Excellent analytical and problem-solving skills, with the ability to identify and address security risks effectively.
  7. Strong communication and interpersonal skills, with the ability to effectively communicate complex technical concepts to non-technical stakeholders.
  8. Ability to work independently and manage multiple tasks concurrently, while adhering to strict deadlines.


 

Education

Bachelor's degree