Senior Information Security Auditor

Continue to make an impact with a company that is pushing the boundaries of what is possible. At NTT DATA, we are renowned for our technical excellence, leading innovations, and making a difference for our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can continue to grow, belong, and thrive.

Your career here is about believing in yourself and seizing new opportunities and challenges. It’s about expanding your skills and expertise in your current role and preparing yourself for future advancements. That’s why we encourage you to take every opportunity to further your career within our great global team.

The Information Security Auditing Specialist is a seasoned subject matter expert who plays a critical role in evaluating and ensuring the effectiveness of less complex security controls, policies, and practices.

This role collaborates with various cross functional teams to enhance the organization's security posture, mitigate risks, and maintain compliance with industry standards and regulations.

The Information Security Auditing Specialist typically reviews other auditor's audit reports ahead of sign off to provide feedback for the auditor to deliver comprehensive report findings.

• Lead planning, scoping, and execution of internal audits for information security, privacy, and business resilience using risk-based audit methodologies.
• Perform detailed control testing across technical, process, and third‑party outsourcing controls aligned to ISO/IEC 27001, ISO/IEC 27701, SOC 2 TSC, ISO/IEC 22301, and other applicable standards.
• Produce clear, concise, and detailed audit reports including findings, risk ratings, root‑cause analysis, practical remediation recommendations, and risk acceptance considerations.
• Act as primary liaison with external audit bodies, regulators, and assurance partners: prepare evidence packages, coordinate on‑site/remote audit activities, and respond to follow‑up queries.
• Provide advice and guidance to business units, IT, legal, privacy, and risk teams on information security and privacy frameworks, control design, and compliance requirements (e.g., GDPR, DORA).
• Mentor, coach, and develop junior auditors — review their work, provide feedback, and support career development and skills building.
• Maintain and enhance the internal audit methodology, templates, and assurance tooling; champion use of automation and AI to improve efficiency of testing, pattern detection, and reporting.
• Track remediation actions: maintain issues/risk register, liaise with control owners, validate remediation, and elevate where necessary.
• Contribute to continuous improvement initiatives for the Information Security & Privacy Management System (ISPMS) and cross‑functional risk programs.
• Support management reporting and audit committee deliverables, prepare executive summaries, and present findings to senior stakeholders.

• Strong working knowledge of ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 22301, and SOC 2 TSC frameworks: controls mapping, gap analysis, and audit interpretation.
• Deep understanding of GDPR principles and practical privacy controls; familiarity with EU/UK data protection obligations.
• Knowledge of financial / operational regulatory frameworks such as DORA (or readiness to apply its requirements to ICT risk and operational resilience).
• Experience liaising with external auditors and regulators, preparing evidence packs, and responding to assurance queries.
• Strong technical literacy: understanding of network security, identity/access management, cloud security, application security, encryption, logging/monitoring, and third‑party risk controls.
• Proficiency in audit tools, GRC platforms, and common productivity suites; willingness to evaluate and adopt AI tools for data analysis, testing, and reporting.

• Certified Lead Auditor (or equivalent) in:
  • ISO/IEC 27001 Lead Auditor
  • ISO/IEC 27701 Lead Auditor (or demonstrable privacy audit experience)
  • ISO/IEC 22301 Lead Auditor (desirable)
• Professional certifications preferred: CISA, CISSP, CRISC, CIPM or equivalent.
• Experience working within regulated industries (financial services, critical infrastructure, healthcare, or large‑scale technology services) is highly desirable.

• Minimum 5–8+ years of experience in information security, privacy, compliance, or IT/internal audit roles with demonstrated audit delivery.
• Prior experience leading information security or privacy internal audits and coordinating external audit engagements.

• Demonstrates strong analytical thinking, attention to detail, and the ability to translate technical findings into business risk terms.
• Excellent written and verbal communication skills — able to produce executive‑level summaries and detailed technical reports.
• Strong stakeholder management skills: builds credibility with technical teams, business leaders, and external assurance parties.
• Coaching mindset: motivated to develop junior team members and contribute to a high‑performance audit team culture.
• Proactive, pragmatic, and commercially aware — offers pragmatic remediation guidance that balances security, business continuity, and cost.
• Curiosity and drive to innovate: explores automation and AI opportunities to enhance audit effectiveness and efficiency.

• Timely completion of assigned audits according to the annual audit plan and risk priorities.
• High‑quality audit reports with actionable recommendations and appropriate risk ratings.
• Demonstrable reduction in repeat findings and timely remediation closure rates.
• Positive feedback from auditees, external auditors, and senior stakeholders on professionalism and clarity of reporting.
• Implementation or pilot of AI‑enabled techniques or automation in audit processes where appropriate.

• Reports to: Manager, Information Security Audit
• Regular interaction with: CISO, Data Protection Officer, IT leadership, Business Unit Managers, Legal, Risk, External Audit Firms, and Regulators.

Remote Working

NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Accelerate your career with us. Apply today.