Senior ISMS Auditor  

Purpose

• Support and manage audit projects and initiatives of MICTS and continuously develop and enhance Information Security knowledge and skills through the participation of upskilling activities and training appropriate to the position.

Duties and Responsibilities

• Manage internal and external audit and consultation projects delegated by lead and contribute to the attainment of set goals and established key metrics through effective project plan implementation.
• Demonstrate the Information Security Consultant role and subject matter expertise by providing relevant, industry-recognized best practices, standards and regulations recommendations and advisories for both internal and external communications.
• Enhance information security knowledge and skills through continued learning and participate in credential-building activities to gain the prescribed certifications. Immerse in and facilitate group-initiated activities that promotes soft skills development required for the role.
• Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
• Support performance monitoring by providing feedback to the Lead Auditor
• Assist the Lead Auditor in the enablement of New Information Security Auditors through onboarding activities.
• Assist the Lead Auditor in managing team. Act as secondary point of contact and officer in charge in the absence of the Lead Auditor.

Qualifications

A. Minimum Education

• Bachelor’s Degree of any Information Technology, Accounting or Engineering-related studies

B. Minimum Experience/Training

• Has experience in project and/or program management
• Certifications related to Information Security (CISA, CEH, CCNA, CCNP ,etc) is an advantage
• Strong familiarity with known Information Security standards, governance framework and regulations

C. Competency

• Must have good communication and presentation skills
• Must be assertive, confident, has critical thinking and good decision-making capabilities
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of industry-standard and organizationally accepted analysis principles and methods.
• Knowledge of Risk Management Framework (RMF) requirements.
• Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
• Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
• Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
• Ability to understand the basic concepts and issues related to cyber and its organizational impact.
• Ability to facilitate group discussions.
• Ability to prepare and present briefings.
• Ability to work across departments and business units to implement organization’s privacy principles and programs and align privacy objectives with security objectives.
• Ability to understand the basic concepts and issues related to cyber and its organizational impact.