ISO 27001 Lead IT Auditor - Ortigas | Travel opportunities within SEA

Non-negotiable Requirements:

• Bachelor's degree in Information Security, Computer Engineering, Computer Science, IT, or anything related. Accounting is also okay,
• ISO 27001 Lead Auditor certification or equivalent.
• At least 5 years of IT Audit experience as an internal of external resource.
• Deep knowledge of ISO 27001 standards, information security controls, and regulatory requirements.
• Strong analytical and problem-solving skills, with meticulous attention to detail.
• Excellent communication skills, both written and verbal, for report writing and client interactions.
• Ability to work independently and collaboratively within a team, managing multiple audit projects concurrently.
• Willing to travel locally and within ASEAN countries
• Amenable to work onsite in Ortigas, and to be on a dayshift or midshift schedule

Key Responsibilities:

• Develop comprehensive audit plans and schedules in collaboration with clients, taking into consideration their specific information security requirements and objectives.
• Conduct ISO 27001 audits, assessing the effectiveness of information security controls and practices within client organizations.
• Analyse and evaluate client documentation, policies, procedures, risk assessments, and records to ensure compliance with ISO 27001 standards.
• Perform on-site audits at client locations, including interviews with personnel and inspections of information security processes and systems.
• Document audit findings, non-conformities, and areas for improvement, and prepare detailed audit reports that provide actionable recommendations to clients.
• Offer expert recommendations to clients for strengthening their information security management systems and achieving ISO 27001 certification.
• Communicate audit results and recommendations clearly and effectively with client management and staff, addressing any inquiries or concerns.
• Stay abreast of changes to ISO 27001 standards and information security best practices, ensuring that audit processes align with the latest requirements.
• Identify opportunities to enhance the audit program and contribute to the development of best practices in information security auditing.
• Perform other tasks that may be assigned by the immediate superior and/or management from time-to-time.