Senior IT Auditor

About the job

We are seeking to hire a Senior IT Auditor skilled in IT infrastructure, IT processes and Information security to join our team at
CybrOps
. We are a fast-growing company focused on delivering cyber security services and solutions to governments, critical infrastructure operators, and enterprise clients across Europe and beyond. We specialize in Red Teaming, Threat Intelligence, Penetration Testing and IT Audit.

The Senior IT Auditor will participate in various IS audit assignments and by coordinating with IS audit team and Penetration testing team. They will also participate in the implementation of specific projects in order to improve our audit process efficiency.

This is a full-time role for a Senior Internal IT Auditor. This role is primarily located in Bucharest, Romania. This is a full on-site role but we are flexible.

The opportunity

As a Senior IT Auditor, you will provide clients with reliable overview of their risk landscape and the controls in place. You will work with clients to help create trust and confidence in their internal controls over financial reporting. Furthermore, you will provide assurance related to internal controls, and offer industry/sector insight and thought leadership with a focus on risk and control matters. Other areas of services include consulting work in cybersecurity, IT strategy, architecture and optimization, business continuity planning, IT Governance and IT service management, information systems requirements analysis, solution design, implementation support, and technology-related regulatory compliance.

Key Responsibilities

Provide a deep understanding of information security (ISO 2700X) and business continuity (ISO standards for logical and physical security implementations.

• Provide independent, objective assessments to evaluate whether information security/business continuity management systems comply with ISO 2700X / 22301 Standards.
• Provide detailed assessment reports following each audit using the formal Internal Audit procedure and process.
• Plan, organize, conduct, and document audits, according to our established audit program and audit schedule.
• Establish Internal audit plan based on business needs and associated risks.
• While on audits, assess IT controls, identify control weaknesses for process improvements. Perform follow-up of implementation of communicated and agreed upon remediation actions and timely escalations.
• Report all findings to the management team and ensure that corrective action plans are implemented accordingly by performing review of effectiveness of corrective actions.
• Providing regular Internal Audit status report to management.
• The successful candidate will also be required to provide support to the information security and business functions as required management.

Considered a Plus

• Bachelor's/Master's degree in Technology or related field.
• 3+ years of experience in IT audit / Information security; experience with internal audit methodology.
• Strong technical knowledge and experience of SDLC, Application Security, Network Security, Cloud Security, IT system architecture, etc.
• Experience with different information security and data privacy standards and frameworks such as ISO2700X / 22301, NIS, GDPR etc.
• Strong data analytical and data automation skills.
• Practical experience in risks and compliance assessments (ITGC / ALC etc.) over digital solutions, technology, and systems.
• Team player with a focus on the big picture and overall success of our customers, the team, and CybrOps.
• Build strong relationships with relevant business partners to understand their business and identify appropriate risk mitigations and opportunities to add value.
• Must be self-driven and work independently in a multinational environment.
• Passion and commitment to quality and continual improvement.
• Ability to work in a fast-paced team-oriented environment where change is constant and needs to be managed.
• Professional qualifications: CISA, CISSP, CRISC, CISM, CEH, CIA, ISO 27001 lead Auditor, etc are a plus.
• Must be performance driven, detailed, and results oriented.
• Excellent communication and presentation skills with all management levels.
• A strong command of English, both written and spoken, is preferred. While not mandatory at the time of hiring, candidates are expected to achieve at least B2 proficiency within one year. CybrOps will fully cover the cost of English lessons to support this development
• Willing to work flexible hours and travel, if needed.

CybrOps
is committed to providing a workplace free from discrimination or harassment. We expect every member of the team to do their part to cultivate and maintain an environment where everyone has the opportunity to feel included, and is afforded the respect and dignity they deserve.

Decisions related to hiring, compensating, training, evaluating performance, or terminating are made fairly, and we provide equal employment opportunities to all qualified candidates and employees. We examine our unconscious biases and take responsibility for always striving to create an inclusive environment that makes every employee and candidate feel welcome.

What you will find

• Young company in Cyber Security that offers the real deal in terms of work life balance
• A fast-paced but supportive environment where autonomy is encouraged
• Opportunities for professional development through trainings and certifications
• A no-politics, trust-based culture that values transparency, ownership, and curiosity

Pre- Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the open position at
CybrOps
.