Information security management system auditor (ISO/IEC 27001)

As a growing UKAS accredited certification body in the United Kingdom, we are inviting applications from highly motivated individuals seeking a career (or to extend their existing auditing career) as an information security management system auditor. We are seeking auditors who have attended Lead Auditor training based on the requirements of ISO/IEC 27001 and have a working knowledge of ISO/IEC 27002.

Essential skills and qualifications

Auditor characteristics

Auditors should be open-minded; possess sound judgement, analytical skills and tenacity; have the ability to perceive situations realistically, understand complex operations from a broad perspective, and understand the role of individual units within the overall organisation.

Customer facing skills

Auditors shall demonstrate excellent customer service skills at all times. As a certification body, we have a job to do, and that is to gather evidence to demonstrate conformance or otherwise. In carrying this out, auditors must keep excellent customer service at the forefront of their minds.

Personal attributes

  • Obtain and assess objective evidence fairly
  • Remain true to the purpose of the audit without fear or favour
  • Constantly evaluate the effects of audit observations
  • Avoid deviation from the audit due to distractions
  • React well to stressful situations
  • Continuously communicate to avoid surprises
  • Remain true to a conclusion (based on evidence) despite pressure

Qualifications and work experience

There is no one-size-fits-all regarding what makes a successful and effective auditor. We are looking for an all-rounder in information technology, but our criteria consider any or all of the following:

  • Qualifications (post-secondary, degree or diploma) in information technology or similar
  • Work experience in an information technology and/or cyber security role
  • Third-party audit experience auditing information security management systems
  • Consultancy experience in information security and/or cyber security

We are particularly looking for an individual who possesses strong knowledge of information technology principles and techniques and can confidently interpret the information security controls set out in ISO/IEC 27001 and ISO/IEC 27002.