Role Summary
This position supports the organization's IT internal audit and compliance functions by ensuring robust information security controls are in place. You will play a central role in audit preparation, risk assessment, and compliance reporting, working closely with internal stakeholders to maintain alignment with standards such as BSI C5, GDPR, ISO 27001, PCI-DSS, and SOC 2.
Key Responsibilities
- Lead audit readiness efforts by preparing internal teams for external audits and guiding them in collecting appropriate evidence
- Design and maintain repeatable processes for internal audit execution
- Monitor emerging compliance requirements and adapt internal practices accordingly
- Perform gap analyses and evaluate the effectiveness of existing controls
- Assess both inherent and residual risks, and execute testing procedures to validate control design and operation
- Document control workflows and conduct walkthroughs with relevant teams
- Take ownership of core audit tasks across planning, fieldwork, and reporting phases
- Collaborate with audit teams on complex projects and support senior staff in achieving objectives
- Identify control weaknesses and help develop practical remediation plans
- Draft clear audit reports and present findings to management during review meetings
- Manage increasing levels of responsibility across multiple audit cycles and business units
- Use digital work paper systems and internal tools efficiently to maintain audit records
- Ensure all audit activities comply with professional standards, timelines, and budget expectations
- Engage in continuous learning to maintain technical and regulatory expertise
- Review peer work products to support quality assurance
- Uphold company ethics policies and communicate professionally with internal partners
Qualifications
Applicants must have a high school diploma and at least two years of hands-on experience in information security auditing. Familiarity with compliance frameworks including GDPR, ISO 27000, BSI C5, Cyber Essentials, PCI-DSS, and SOC 2 Type 2 is required. You should have direct experience testing controls with internal teams and possess strong communication skills.
Technical knowledge of Windows, Linux, and Unix systems is essential. Experience auditing cloud infrastructure in AWS or Azure environments is mandatory. Proficiency with automated work papers and internal audit tools is expected.
Preferred candidates will hold entry-level cybersecurity certifications such as CompTIA Security+, CISA, CISSP Associate, CEH, CISM, GSEC, SSCP, or comparable credentials.
Compensation & Benefits
- Attractive compensation package
- Performance-based bonuses
- Support for professional development, including training and certification funding
- Workplace allowances
- Opportunities for team engagement and social events
Work Environment
This role operates in a culture that values inclusion, innovation, and personal authenticity. Teamwork and a commitment to excellence are central to daily operations. The environment supports professional growth and encourages ongoing skill development in a technically dynamic setting.
