Description of typical tasks
Plan and perform IT security compliance audits. This includes, but is not limited to: ICT environment, infrastructure and processes; applications, systems, network devices and office equipment; security activities (e.g. awareness programme, monitoring, incident handling, etc.).
Assess IT security risks associated with target environments.
Assess compliance with IT security policy / rules.
Assess compliance with security-specific legislation and regulation (e.g. personal data, intellectual property and human rights).
Assess compliance with third parties and external partners.
Assess the implementation of previous recommendations / corrective actions.
Record, analyse and report.
General competencies and skills:
Excellent communication / writing skills.
Rapid self-starting capability and experience in team working.
Capability of defining and applying security standards in the IT environment.
Risk assessment and management.
Required proficiency in information technologies:
Advanced knowledge of IT security standards, legislation and regulations (e.g. ISO 27000 series, FFIEC, HIPAA, PCI, NERC, SOX, NIST, GDPR, EU / Safe Harbor and GLBA).
Advanced knowledge and experience in audit and review methodologies.
Proficiency in conducting IT security audits.
Required education and professional experience:
Higher national or university degree in IT security management (e.g. in computer science, information security, cyber security, etc.).
At least 3 years of relevant IT security audit experience.
Certificate in IT Security audit (e.g. CISA, CISM, CISSP, etc.).
Certificate in ISO 27001 / 27002, ITIL and COBIT frameworks.