Job Description

Job Nature

--------------

The Information Security Auditor will be responsible for assessing, monitoring, and ensuring the organization's compliance with international security standards (ISO 27001), cybersecurity frameworks, and data protection regulations. The role involves planning and conducting internal/external audits, identifying risks and vulnerabilities, and recommending corrective actions. The auditor will work closely with IT, compliance, and business teams to strengthen the organization's security posture and support certification/recertification processes.

Key Responsibilities

------------------------

Audit & Compliance

Plan, conduct, and report on internal information security audits aligned with ISO 27001 and other frameworks.


Support external audits and certification processes by liaising with auditors and regulatory bodies.


Ensure compliance with data protection laws (e.g., GDPR, PDPA where applicable).

Risk & Controls Assessment

Evaluate existing security controls, policies, and procedures for effectiveness.


Identify risks, vulnerabilities, and gaps in cybersecurity and data protection practices.


Recommend improvements and track corrective/preventive actions (CAPA).

Documentation & Reporting

Develop and maintain audit checklists, reports, and compliance documentation.


Provide management with clear audit findings and risk assessments.


Maintain evidence logs for ISO 27001 controls and compliance purposes.

Stakeholder Engagement

Collaborate with IT, HR, Legal, and Business units to ensure alignment with security policies.


Conduct awareness sessions to promote compliance culture.


Advise leadership on security risks, trends, and mitigation strategies.

Continuous Improvement

Monitor changes in international standards and regulatory requirements.


Drive continuous improvement of Information Security Management Systems (ISMS).


Benchmark practices against industry best standards (e.g., NIST, CIS Controls).

Qualifications & Skills

----------------------------

Education & Certifications

Diploma or Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field. ISO/IEC 27001 Lead Auditor / Lead Implementer certification (preferred). Additional certifications are an advantage: CISA, CISM, CISSP, GDPR Practitioner, CEH.

Experience

3-7 years of experience in information security, IT audit, or compliance. Personnel with no expereince are welcome to apply. Proven track record in conducting ISO 27001 audits (internal or external will be an advantage). Experience with data protection regulations (PDPA, GDPR etc.) Hands-on knowledge of cybersecurity practices, risk assessment, and incident response.

Skills

Strong understanding of ISMS principles, risk management, and compliance frameworks. Ability to analyze technical controls (network, cloud, applications) from a compliance perspective. Excellent report writing and presentation skills. Strong communication, stakeholder management, and problem-solving skills. * Ability to work independently and manage multiple audits/projects simultaneously.