As a growing UKAS-accredited certification body in the United Kingdom, we are inviting applications from highly motivated individuals seeking a career (or to extend their existing auditing career) as an information security management system auditor. We are seeking auditors who have attended Lead Auditor training based on the requirements of ISO/IEC 27001 and have a working knowledge of ISO/IEC 27002.
Essential skills and qualifications
Auditor characteristics
Auditors should be open-minded; possess sound judgement, analytical skills and tenacity; have the ability to perceive situations realistically, understand complex operations from a broad perspective, and understand the role of individual units within the overall organisation.
Customer facing skills
Auditors shall demonstrate excellent customer service skills at all times. As a certification body, we have a job to do, and that is to gather evidence to demonstrate conformance or otherwise. In carrying this out, the auditor must keep excellence in customer service at the forefront of their mind.
Personal attributes
- Obtain and assess objective evidence fairly
- Remain true to the purpose of the audit without fear or favour
- Constantly evaluate the effects of audit observations
- Avoid deviation from the audit due to distractions
- React well to stressful situations
- Continuously communicate to avoid surprises
- Remain true to a conclusion (based on evidence) despite pressure
Qualifications and work experience
There is no one-size-fits-all regarding what makes a successful and effective auditor. We are looking for an all-rounder in information technology, but our criteria consider any or all of the following:
- Qualifications (post-secondary, degree or diploma) in information technology or similar
- Work experience in an information technology and/or cyber security role
- Third-party audit experience auditing information security management systems
- Consultancy experience in information security and/or cyber security
We are particularly looking for an individual who possesses strong knowledge of information technology principles and techniques and can confidently interpret the information security controls set out in ISO/IEC 27001 and ISO/IEC 27002.