Job Title: Information Security Auditor
Sheffield or Maidenhead
Responsible to: Global Information Security Lead
Responsible for: Providing independent assurance of the efficacy of SDL’s information security management system in supporting business aims.
Main Purpose of Job
As an Information Security Auditor you will use your knowledge and experience to perform security compliance assessments based on industry frameworks such as ISO27001, the NIST CSF and internal policies and processes. You will work with specialist individuals and teams to analyse control effectiveness and organisational practices and contribute to the formulation of remediation plans. The focus of your activities will be to contribute to the continual development and improvement of SDL’s internal and customer facing estate to support SDL’s business aims.
The Information Security Auditor will have an excellent understanding of technology and will be seen as a solutions expert who is able to work with all areas of the business, often acting as a resource to enhance systems that support both general operations and business growth.
1. Provide assurance of the effectiveness of SDL’s security posture in supporting business aims whilst increasing efficiency and maximising ROI.
2. Work with all areas of the business to ensure that strategies relating to Information Security align to company requirements.
3. Develop, maintain and deliver an Information Security audit schedule that considers business goals and appropriate security priorities.
4. Audit internal practices against SDL’s Information Security standards.
5. Audit partners against SDL’s Information Security expectations and contractual obligations.
6. Publish and present timely, high-quality reports together with findings to SDL executives.
7. Support pre- and post-sales processes, presentations, and client-specific meetings (including audits) when required.
8. Engage with stakeholders to discuss security issues and opportunities for improvement to contribute to SDL’s continual improvement.
Qualifications, skills and experience
1. Bachelor’s degree in computer science, information systems or cyber security. Alternatively, demonstrable equivalent experience will be considered.
2. Formal audit qualification such as Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA). Individuals holding appropriate information security related qualifications who are studying for CIA or CISA will be considered.
3. Strong, current technology skills and knowledge in a broad range of areas including secure software development and cloud based technologies.
4. Advanced analytical and structured problem solving abilities with an inquisitive approach to work.
5. Flexibility/Adaptability: fast to respond, thinks on feet, track record of adapting, thinking outside the box, open mind to new tools and changing processes.
6. Ability to travel within UK and internationally (when needed). Estimate less than 25% of time.
7. Ideas generator and innovator: always asking Why? How?
8. Self-starter requiring little supervision to complete tasks independently, curious, fast moving pace, self-developer, exhibits interest in world outside SDL and seeks to learn lessons to apply internally.
9. Strong self-management and ability to work independently, or as part of a team.
10. Attention to detail.
11. Advanced written and verbal communication skills with proven ability to write highly technical reports and documentation.
12. Able to explain complex issues to inexperienced people.
13. Suitable time prioritisation and management skills.
1. An understanding of and experience working with information security frameworks such as ISO27001, NIST CSF and the HITRUST CSF.
2. Certified ISO27001:2013 Lead Auditor.
3. Experience working in a PCI-DSS regulated environment.