Security Auditor - ISO27001, ISO 27001
A Lead ISO27001 Auditor is required to work for a leading name within the insurance industry. The ISO27001 Auditor will work closely with the IT teams to build on the existing controls within the IT department and, where improvements have been identified, to drive these through to completion. The ISO27001 Auditor will work alongside a team of 7 other Auditors in this specific project and be responsible for training new hires in other locations within the UK.
- Co-ordinate all IT audit activities and information gathering for all IT internal and external audits.
- Manage and drive to closure any open IT audit findings, in a timely manner, working closely with all IT teams.
- Ensure identified IT operational controls are measured and reported on a regular basis, driving compliance against policy.
- Ensure access reviews are completed in a timely manner for folders and applications identified.
- Provide requirements to new projects to ensure any new system controls are in line with control requirements.
- Facilitate timely identification, escalation, resolution, and follow-up for all outstanding issues.
- Manage third parties to ensure all agreed IT controls are working as designed.
- Perform periodic checks of existing IT controls and report to management on any improvements that need to be made.
- Lead the organisational and cultural change necessary to successfully deliver our key goals.
- Make a personal contribution to the overall performance of the business, beyond the specific remit of the role. Be seen as a valuable agent of change within ICT as a result.
- Knowledge of ISO 27001, COBIT 5, Cyber Essentials, PCI DSS etc.
- Proven track record of influencing stakeholders at all levels
- Exceptional communication skills
- Exceptional analytical and problem solving skills
- Collaboration and partnership capabilities – internal within the organisation and externally with key third parties
- The ability to build trust and relationships up-and-down the organisation
- Exceptionally strong attention to detail
- Experience of negotiating with and managing contracts with required third parties to deliver value
- Ability to travel within Europe and work flexible hours as required.
- Project management
- Operations security
- A.13 - Communications security
- A.14 - System acquisition, development and maintenance
- A.15 - Supplier relationships
- Relevant qualifications in cyber security such as CISSP, CISM, CISA, ISO27001 lead auditor etc. are needed for this role.
- Ability to communicate effectively in writing and verbally to a wide range of people at all levels, including communicating complex technical issues to a non-technical user base.
- Experience of vendor management necessary.
- Strong people skills
- Pro-active and hands-on - responds purposefully to events.
- High level of energy, curious-minded, with a positive can-do attitude.
- Ability to operate within a highly pressurised and fast paced environment, consistently delivering results and achieving corporate objectives on time and within the agreed parameters.
This job was originally posted as www.jobsite.co.uk/job/960291213