Senior IT Auditor - Cyber Security - Pen Tester
The Audit and Risk Recruitment Company (ARRC) are recruiting for a Senior Cyber Security Auditor to join a FTSE 100 Tech business in central London.
The purpose of this role is to support the Group in providing risk-based independent assurance of the effectiveness of the Group's internal controls to senior management and the Group Audit and Risk Committee within the area of Cyber Security.
- Lead the scoping, planning, delivery and reporting of cyber security audits in the Technology domain across all OpCos in accordance with the Internal Audit methodology.
- Be the subject matter expert within the Technology domain in the areas of cyber security and ethical hacking.
- Perform technical audits on topics such as 5G, cloud, Internet-of-Things (IoT), Blockchain and other emerging technologies.
- Liaise with the business in tracking progress in addressing audit recommendations and confirming their closure.
- Build positive working relationships with security leaders across the organisation to understand issues and identify areas for improvement.
- Support Head of Audit - Technology and teams of peers in delivery of audit plans by providing knowledge and expertise.
- Building, maintaining and indirectly managing a community of cyber auditors across our global business.
- Preparation & delivery of end-to-end Audits in line with Internal Audit Methodology and in this area of specialisation.
- Develop and maintain high quality knowledge base & share best practices
- Operate within a team as well as being active in the wider virtual community
You must have
- CEH, OSCP, SSCP, CISSP, CISM, ISO27001 lead auditor
- CISA, CRISC, ITIL or Cobit (desirable)
- ISO 22301 (desirable)
- Experienced in the area of Cyber Security - either in an implementation, operation or assessment role.
- Technical knowledge on penetration testing, IT/information security/ cyber security standards and frameworks such as ISO27001, NIST CSF and GITC.
- Experience in audit (external and internal) and familiar with Internal Audit standards.
- Industry specific experience with mobile telecoms or related businesses.
- Well-versed in assessing business risks and controls, be able to articulate the risks, and recommend business-focused solutions.
- Strong interpersonal and presentation skills and ability to communicate with all levels of management.
- Ability to work in a fast-paced environment across multinational functional teams and multi-tasking.
- Fluent in English - written and spoken.
- Travel required - around 20%.
It is an ideal opportunity for some who has penetration testing experience and wants to move into Cyber Security governance work. If you are looking for a chance to be at the forefront of Cyber Security then this would be a great career move.