Information security management system auditor (ISO/IEC 27001)

As a growing UKAS accredited certification body in the United Kingdom, we are inviting applications from highly motivated individuals seeking a career (or to extend their existing auditing career) as an information security management system auditor. We are seeking auditors who have attended Lead Auditor training based on the requirements of ISO/IEC 27001 and have a working knowledge of ISO/IEC 27002.

Essential skills and qualifications

Auditor characteristics

Auditors should be open-minded; possess sound judgement, analytical skills and tenacity; have the ability to perceive situations realistically, understand complex operations from a broad perspective, and understand the role of individual units within the overall organisation.

Customer facing skills

Auditors shall demonstrate excellent customer service skills at all times. As a certification body, we have a job to do, and that is to gather evidence to demonstrate conformance or otherwise. In carrying this out, the auditor must keep excellence in customer service at the forefront of their mind.

Personal attributes

  • Obtain and assess objective evidence fairly
  • Remain true to the purpose of the audit without fear or favour
  • Constantly evaluate the effects of audit observations
  • Avoid deviation from the audit due to distractions
  • React well to stressful situations
  • Continuously communicate to avoid surprises
  • Remain true to a conclusion (based on evidence) despite pressure

Qualifications and work experience

There is no one-size-fits-all regarding what makes a successful and effective auditor. We are looking for an all-rounder in business, specifically in one of the sectors mentioned above, but our criteria consider any or all of the following:

  • Qualifications in the industry or sector (post-secondary, degree or diploma)
  • Work experience in the industry (which demonstrates good knowledge of the industry)
  • Other indirect experience which could include: audit experience, consultancy experience, etc.

We are particularly looking for an individual who possesses strong knowledge of information technology principles and techniques and can confidently interpret the information security controls set out in ISO/IEC 27001 and ISO/IEC 27002.