Information Security Consultant / Auditor

Confidential Company

Posted 1 hrs ago

Experience

5 - 10 Years

Education

Bachelor of Technology/Engineering

Nationality

Any Arab National

Gender

Any

Vacancy

1 Vacancy

Job Description

Roles & Responsibilities

Conduct periodic security audits & assessments (internal & external)

  • Review security policies, procedures, standards, and controls
  • Assess and validate existing technical and operational security controls
  • Risk assessments: identify, evaluate, and prioritize security risks
  • Assess maturity of security controls, identify gaps vs frameworks (ISO 27001, NIST, CIS, etc.)
  • Review incident response readiness, playbooks, and past incident analyses
  • Monitor SOC / threat detection / alerting processes (if applicable) and understand SIEM, IDS/IPS, incident response, threat hunting
  • Provide gap analysis against standards (e.g. ISO 27001, NIST CSF, SOC 2)
  • Prepare audit findings reports, articulate recommendations and roadmap
  • Conduct vendor / third-party security reviews
  • Produce findings reports, guide remediation, and follow up to closure
  • Review network, endpoint, identity, access, encryption controls, etc.
  • Mentor internal security staff (if any)
  • Stay updated on evolving threats and regulatory changes

Minimum Qualifications

  • Bachelor's degree in Computer Science, Information Security, Engineering or equivalent
  • 5-7 years in cybersecurity / information security roles
  • Experience in a SOC environment or with managed detection & response services
  • Hands-on experience in security audits and assessments
  • Strong technical skills: networking, logging & monitoring, vulnerability management
  • Certifications: ISO 27001 LA, ISO 27001 LI, CISA, CISSP, CISM, or equivalent
  • Experience with major frameworks (ISO 27001, NIST, SOC, etc.)
  • Excellent report writing and stakeholder management skills
  • Strong ethical standards, confidentiality, and objectivity

Preferred / Advantageous

  • Experience in your industry or regulatory regime
  • Experience in cloud security (AWS, Azure, GCP)
  • Experience with threat hunting, red teaming, or offensive security
  • ISO 27001 Lead Auditor certification
  • Experience in privacy / data protection compliance

Employment Type

Full Time

Department / Functional Area
