Hiring Brief Summary
- Role requires strong internal audit, compliance assessment, and third-party/vendor governance experience rather than purely technical cybersecurity or policy-writing work.
- Target candidates should have 8+ years of total experience and at least 5 years in Information Security.
- Mandatory certification requirement: CISA OR ISO 27001 Lead Auditor (at least one is required). Candidates without certification should not be progressed.
Core Competencies
- Internal audit experience (not just policy development).
- Experience conducting third-party/vendor compliance reviews.
- Ability to independently test control effectiveness across operational, technical, and management controls.
- Experience reviewing ISMS evidence under ISO/IEC 27001.
- Capability to perform independent compliance assessments.
- Experience leading governance, audit, or client-facing meetings.
Framework Experience
- ISO/IEC 27001
- ISMS lifecycle management
- Risk assessment and control mapping