Position Overview
Perform Cybersecurity and Information Systems audits to detect vulnerabilities and threats, identify high-risk practices and processes for identifying risks and ensuring compliance.
Key Responsibilities
- Execute the corporate Information Systems/Cyber Security audit plan, taking into consideration the risk assessment and the goals and objectives of Management, and implement the plan to provide an accurate assessment of operational performance and internal control processes.
- Perform the required Technology (Information Technology (IT), Operational Technology (OT)) related audits of the organization as an individual or working in a team.
- Examine internal Technology controls, evaluate the design and operational effectiveness, determine exposure to risk, and develop remediation strategies.
- Execute cybersecurity audits for analysing/investigating any breaches or security concerns. Evaluate the internal security systems, controls, and policies, ensuring compliance with applicable laws and regulations.
- Perform coherent and logical documentation and summarization of action plans with the recommended actions.
- Track and manage all audit issues to completion, making sure that responses from management are received in a timely manner, and that audit issues conform to recommendations, as well as having an estimated completion date that is reasonable.
- Produce reports of audit functions to enable the Audit Committee of the Board of Directors and the Corporate and operating management to make an objective assessment of processes and operations, systems, and planned corrective actions by management.
- Take part in major Technology initiatives and projects as well as in reviews of security systems and internal controls under development. Participate in special projects or studies such as fraud investigation, risk assessment, due diligence acquisition reviews, audit department policy updates, etc.
Qualifications
- Minimum bachelor’s degree in information technology or equivalent.
- Minimum 10 years of Auditing experience in Information Technology/Cyber Security, preferably in a large organisation. Experience in auditing Operational Technology areas such as Industrial Control Systems (ICS) or SCADA would be preferred.
- Certified Information Systems Auditor (CISA)/Cybersecurity Forensic Analyst Certification (CSFA)/Certified Information Systems Security Professional (CISSP)/Certified ISO/IEC 27001 Lead Auditor/Certified Ethical Hacker (CEH).
- Certifications in ISA/IEC 62443 or SANS ICS410 would be advantageous.