Information Security Auditor

  • Location

    Crawley, West Sussex

  • Sector:

    Cyber Security

  • Salary:

    £450.00 - £500.00 per day

  • Contact:

    Jonathan Tranter

  • Published:

    6 months ago

  • Duration:

    6 Months

JOB TITLE: Information Security Auditor
DURATION: 6 Months

RATE: £450.00 - £500.00 per day

Primary Purpose of the Role:

The security team is expanding its audit capability, and consequently an opportunity has arisen for an Information Security Auditor to join the team.

The successful applicant will play a vital role in assuring that our client and its supply chain manage and protect their own and their customers' information appropriately, and will ensure that formal risk assessments and audits are conducted in a timely manner.

Principal Relationships:

  • Head of Security Services
  • Corporate Security Team Members
  • Information Asset Owners
  • Site Security Teams
  • Quality Assurance organisation

Key Responsibilities and Tasks:

Providing independent assurance of the efficacy of our client's information security management system in supporting business aims and objectives.

As an Information Security Auditor you will use your knowledge and experience to perform security compliance assessments based on industry frameworks such as ISO 27001, IAMM and the NIST CSF, as well as internal policies and processes.

You will work with specialist individuals and teams to analyse control effectiveness and organisational practices, and contribute to the formulation of remediation plans.

The Information Security Auditor will have an excellent understanding of technology and will be seen as someone who is able to work with all areas of the business.

Main Duties

  1. Provide assurance of the effectiveness of our client's security posture in supporting business aims whilst increasing efficiency and maximising opportunities.
  2. Work with all areas of the business to ensure that strategies relating to Information Security align with company requirements.
  3. Develop, maintain and deliver an Information Security audit schedule that considers business goals and appropriate security priorities.
  4. Audit internal practices against our client's Information Security standards.
  5. Audit the supply chain against our client's Information Security expectations and contractual obligations.
  6. Publish and present timely, high-quality reports together with findings to our client's CISO.
  7. Engage with stakeholders to discuss security issues and opportunities for improvement, contributing to our client's continual improvement.


  • Ability to work as a team member.
  • Takes responsibility for the completion of tasks.
  • Understand and manage expectations of customer requirements.
  • Ability to provide and present audit feedback.
  • Make effective decisions in consultation with others.


  • Proven experience in an information security role that includes:
    • Assessing information security risk
    • Reviewing security policies and procedures
    • Interpreting historical audit reports
    • Writing audit and non-conformance reports
    • Developing corrective action plans
  • Proven knowledge and experience of ISO 27001.
  • Able to produce formal security policy and standards documentation to support UK corporate policy.
  • Familiar with legal and regulatory requirements that could impact organisational security policy.


  • Quantifiable experience of implementing Security Policy Framework Mandatory Requirements.
  • Proven knowledge and experience of the Information Assurance Maturity Model (IAMM).


  • Excellent communication skills.
  • Ability to work within a team or with minimal direction, delivering and improving the security culture.
  • Results oriented, with an ability to deliver expected deliverables and output on time.
  • Excellent relationship building.
  • A focus on continuous self-development.


Essential: ISO 27001 Internal Auditor or similar.

Desirable: professional qualifications and memberships of associations such as

  • Certified Information Systems Auditor (CISA)
  • CESG Listed Advisor Scheme (CLAS)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • ISO 27001 Lead Auditor