Risk & Compliance Auditor
Risk & Compliance Auditor
information Security – Risk and Compliance Auditor
If you’ve got experience auditing Information Security Systems and are keen to play a crucial part in the evolution of Info Sec for one of one of the UK’s biggest retailers, we might have the perfect role for you.
About the Team
The Information Security, Risk, and Compliance team is looking for an Information Security Auditor to play a key role in the evolution of the company’s Information Security.
You will be responsible for advising key stakeholders and business owners on all areas of Information Security compliance and will provide expert advice to both technical and non-technical audiences including advice on how to balance security and business requirements. In addition, you will oversee and perform security audits and risk assessments across a wide range of information security areas and provide assurance to senior management and executives in relation to information security controls and mitigation strategies.
About the Role:
You will:
- Play a key role in leading, scoping, executing, reporting, and presenting on internal and external security audits including access management, vulnerability management, policy compliance, and technical security controls. Perform additional security audits of key areas and projects to ensure conformity to a ‘privacy by design’ approach and represent Information Security Risk and Compliance in performing Data Privacy Impact Assessments, advising around Information and Data Security governance as required.
- Consult with business owners and IT stakeholders to ensure issues are remediated and propose mitigation plans to address information security risks within agreed timescales.
Assist with identification, tracking, and mitigation of information security risk through a risk methodology model and register and ensure information security compliance with identified audit requirements, security policies, standards, and legislation. Create, maintain, and distribute timely and relevant information security KPIs and other metrics to senior management and executives as well as contributing to the production of Information Security Risk and Compliance reports and updates for internal governance and Audit Committee meetings.
- Assist with business-wide awareness training and support other team members
About You
- Certified Information Systems Auditor (CISA) or similar industry qualification with previous experience working in a similar auditing role.
- Excellent communication and report writing skills with the ability to articulate and communicate complex IT-related business issues to colleagues across the business.
- Assertive and able to constructively challenge and question.
- Ability to effectively plan and prioritize workloads with the ability to successfully work to deadlines and measure and report on progress.
- Technical expertise in a wide portfolio of security control technologies and security-related experience with a proven track record of delivery in a dynamic and reactive environment
- Strong understanding of the Information Security Industry, current information security issues and trends, architecture, and security controls.