Information Security & Cyber Security Auditor

Dubai | Tax Free | 5 days ago | Full-time | External
226.7k - 377.9k / yr
We are seeking an experienced IT & Cyber Security Auditor with a strong understanding of how technology environments are designed, implemented, and operated—and the ability to quickly identify control weaknesses, security gaps, and compliance risks. This role is responsible for independently planning and executing audits and assessments across IT General Controls (ITGC), application controls, information systems, and cybersecurity frameworks, ensuring the confidentiality, integrity, and availability of information assets while maintaining compliance with regulatory and industry requirements. The successful candidate will act as a trusted advisor to management, translating complex technical risks into practical, business-focused insights and actionable recommendations.

Key Responsibilities

- Conduct comprehensive information security and cybersecurity assessments
- Perform IT General Controls (ITGC) audits, including access management, change management, and IT operations
- Execute application security and controls reviews covering SDLC, system configuration, interfaces, and data integrity
- Carry out information systems audits across infrastructure, databases, networks, and cloud environments
- Lead cybersecurity audits and maturity assessments aligned with ISO 27001, NIST, COBIT, and applicable regulatory requirements
- Identify control gaps, evaluate risk impact, and recommend practical, business-aligned remediation actions
- Review security policies, procedures, and technical configurations for compliance and effectiveness
- Prepare clear, executive-level audit reports and present findings to senior management and key stakeholders
- Track remediation activities and validate the implementation and effectiveness of corrective actions
- Monitor compliance with data protection laws, regulatory requirements, and internal policies
- Advise the organization on GDPR compliance, privacy-by-design principles, and lawful data processing practices
- Develop, maintain, and oversee data protection policies, standards, and procedures
- Lead and review Data Protection Impact Assessments (DPIAs)

Required Skills & Experience

- Strong hands-on experience in ITGC, application controls, and cybersecurity auditing
- Solid understanding of enterprise systems, security controls, and risk management frameworks
- Knowledge of regulatory standards and industry best practices
- Proven ability to translate technical risks into clear, business-focused insights
- Experience delivering information security and cybersecurity awareness sessions
- Ability to manage and execute audit and security projects independently

Certifications (Preferred)

- CISA, CISSP, CISM, CDPSE, CRISC, ISO 27001 LA/LI, or equivalent