Information Security Internal Audit Professionals. Are you keen to join an existing projects team to take a lead role in delivering on the audits currently scheduled to ensure the successful certification of ISO/IEC 27001:2022 Information Security Management System (ISMS)?
If you answered yes, then this is your opportunity to work closely with a Lead Auditor, Information Asset and Control Owners and Custodians and other project members to achieve project outcomes.
You will make a major impact on a large-scale ISMS implementation for one of Queensland’s most well-known and established organisations. You will form part of the ISO 27001 Implementation Project team and as part of the project, you will help deliver the internal audit program, reporting into the Lead Auditor.
What’s in it for you?
* Can support fully remote working if you are currently located in South East Queensland (but ideally one day/week in office – modern, plenty of parking, break-out-spaces, outdoor areas)
* Work with an experienced, supportive team (you will work hard, but have fun doing it)
* Rare mix of GRC, technical, and stakeholder management
* While the initial contract is just for six months, there is a high possibility of extension
* Reporting to a gun of a Lead Auditor. Experienced. Adaptable. They are lovely.
So what will you actually be doing in this newly-created role?
Firstly, you’ll be joining a large enterprise who’ve established a multi-year security journey, and you’ll be part of the team focusing on Internal Audit, so this will be the majority of your work:
* Sample testing of key controls using a variety of audit techniques (e.g. document reviews, inspection, control reperformance).
* Provide short- and long-term recommendations for business units to improve the effectiveness and efficiency of security controls and procedures, and to improve overall compliance with the organisation’s information security requirements.
* Develop internal audit reports that are well-written, professional and clear.
* Present audit observations and recommendations to senior and executive management
* Participate in external audits where internal audit controls are applicable.
* Prepare reports, plans, briefing materials and correspondence for the ISO 27001 Project Steering Committee, senior management and other key stakeholders.
Will you be working on your own? Definitely not. You will be working with some of the best cyber GRC professionals who will be in the trenches with you. They’ve done this before and know what they’re doing.
What you need to be successful in the role:
* At least one of the following: ISO 27001 Lead Auditor, CISA, IRAP Assessor or equivalent.
* Experience with ISM, E8, PSPF frameworks
* Minimum 3-5+ years in a similar role
If you have read this and are at all interested, please apply. There is a lot more information I can share with you having worked with this organisation and team for many years.
Click APPLY and/or contact Marcus directly on marcus@decipherbureau.com for a confidential, casual chat.
Decipher Bureau and the clients we partner with are committed to creating a diverse environment and are proud to be equal opportunity employers. All qualified applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.