IT Internal Audit

Salary: negotiable
Location: Building 9, Zhangjiang IC Harbor (张江集电港)
2024-05-20

- Assist and execute 3rd line of defense assurance assessments (testing and evidence-based reviews) based on mission-oriented controls.
- Follow the established GIA audit methodology and its processes and quality assurance tasks.
- Manage several engagements, with the support and constant coordination of the Head of the internal IT audit team.
- Draft and approve audit reports based on the assessment results and provide feedback to the audited team on identified gaps and potential solutions.
- Provide opinions on audit results and consultative advice.
- Be available for troubleshooting and general support for the GIA team.
- Store and manage results into central audit repositories.
- Assist the internal IT audit team to conduct analysis of results and determine trends and threats.
- Identify and manage risks related to IT and cybersecurity protection, and escalate risks and issues as needed.
- Interact with, and deliver alongside, specialists across multiple departments within SE.
- Actively participate in internal awareness, training, and other events within GIA and SE.
- Be available for travelling to audit locations (NB: this is conditioned by the current ongoing pandemic and travel will only occur when the situation has improved sufficiently as to allow for travelling to resume in safe conditions).
Requirements
- 3 years’ experience in information security field/auditing
- Professional English proficiency (oral and written, including presentation)
- High quality report production
- Strong stakeholder engagement
- Previous experience of working with assurance / controls frameworks; e.g. IT General Controls, ISO 27XXX, NIST etc.
- A hybrid understanding of crossover between IT, business, legal, and information security requirements
- Ability to conduct security audits against such various control sets.
- Ability to analyse penetration testing reports, with knowledge of vulnerabilities (CVE, and more widely the MITRE tools and framework, or similar)
- Good understanding of the types of security risks and threats that controls mitigate
- Ability to assess and sample audit scope and controls in limited timescales
- Be able to provide recommendations and advice on any improvements needed
- Ability to manage their workload so as to meet the realistic targets and priorities set in conjunction with management.