Internal Auditor (10-12 yrs)
Acro Service Corporation
posted 3+ weeks ago
Flexible timing
Role: Internal Auditor
Job Summary:
Seeking a skilled IT Compliance and Security Auditor to join our team, specializing in ISO 20000 (IT Service Management), ISO 27000 (Information Security Management), and SOC (System and Organization Controls) audits. This role involves evaluating and ensuring compliance with these standards, conducting thorough audits, and providing insights to enhance our organization's IT service management and information security frameworks.
Key Responsibilities:
- Audit Planning and Execution:
  - Develop and execute comprehensive audit plans for ISO 20000, ISO 27000, and SOC frameworks.
  - Conduct audits of IT service management processes, information security controls, and system and organization controls.
  - Identify areas of risk, control deficiencies, and opportunities for improvement.
- Compliance Monitoring:
  - Ensure adherence to ISO 20000 standards for IT service management, ISO 27001 standards for information security, and SOC reporting requirements.
  - Stay updated on changes in relevant regulations and standards to maintain ongoing compliance.
  - Support and coordinate with external auditors during audits and assessments.
- Reporting and Documentation:
  - Document audit findings, including deficiencies and areas for improvement.
  - Prepare detailed audit reports with actionable recommendations for management.
  - Track and follow up on the implementation of corrective actions.
- Risk Management:
  - Identify and assess potential risks related to IT service management, information security, and compliance.
  - Provide recommendations for risk mitigation and control enhancements.
  - Assist in developing and refining risk management strategies and frameworks.
- Training and Awareness:
  - Develop and deliver training programs related to ISO 20000, ISO 27000, and SOC requirements.
  - Foster a culture of compliance and security awareness within the organization.
  - Provide guidance and support to staff on compliance-related issues and best practices.
- Continuous Improvement:
  - Evaluate and suggest improvements to existing IT service management processes and information security policies.
  - Stay current with industry trends, best practices, and emerging threats.
  - Contribute to the development of new audit methodologies and tools.
Qualifications:
- Education: Bachelor's/Master's degree in Information Technology, Information Security, Business Administration, or a related field. Relevant certifications (e.g., CISA, CISSP, ISO 20000 Lead Auditor, ISO 27001 Lead Auditor) are highly desirable.
- Experience: Minimum of 10 years of experience in IT auditing, with specific experience in ISO 20000, ISO 27000, and SOC audits.
- Knowledge: In-depth understanding of ISO 20000 standards for IT service management, ISO 27001 standards for information security, and SOC 1, SOC 2, and SOC 3 reporting requirements.
- Skills: Strong analytical and problem-solving abilities. Excellent communication and interpersonal skills. Proficiency in audit tools and methodologies.
- Certifications: Relevant certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), ISO 20000 Lead Auditor, or ISO 27001 Lead Auditor are preferred.
Additional Requirements:
- High level of integrity and professionalism.
- Ability to work independently and as part of a team.
- Strong attention to detail and organizational skills.
Functional Areas: Other