Cybersecurity Auditor

Role & responsibilities

• Conduct comprehensive audits of cybersecurity policies, practices, and controls to ensure compliance with regulatory standards and industry best practices.
• Evaluate the effectiveness of the organizations cybersecurity measures, including risk management frameworks, incident response plans, and security infrastructure.
• Review and assess the security of information systems and networks, identifying vulnerabilities, and recommending enhancements to mitigate risks.
• Analyze security policies and procedures to identify gaps or areas for improvement, ensuring alignment with compliance requirements such as GDPR,HIPAA, SOC 2, or ISO 27001.
• Perform vulnerability assessments and penetration testing to simulate cyber attacks and identify weaknesses in the cybersecurity defenses.
• Collaborate with IT and cybersecurity teams to develop and implement corrective action plans based on audit findings.
• Maintain up-to-date knowledge of emerging cybersecurity threats, trends, and regulatory changes that could impact the organizations security posture.
• Prepare detailed audit reports, presenting findings and recommendations to senior management and relevant stakeholders.
• Support the development and maintenance of a comprehensive cybersecurity audit program, including scheduling, planning, and executing audits.
• Engage in continuous education and training activities to enhance auditing skills and cybersecurity knowledge.

Skills:

• Strong understanding of cybersecurity principles, technologies, and best practices.
• Familiarity with regulatory compliance standards and frameworks relevant to cybersecurity (e.g., NIST, ISO 27001, GDPR, HIPAA).
• Proficiency in conducting vulnerability assessments, penetration testing, and security audits.
• Analytical skills to evaluate security systems, identify vulnerabilities, and propose remedial actions.
• Excellent communication and reporting skills, capable of explaining technical issues to non-technical stakeholders.
• Attention to detail and a methodical approach to conducting audits and assessments.

Certification (Optional but beneficial):

• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• GIAC Systems and Network Auditor (GSNA)
• ISO 27001 Lead Auditor