Cyber Security Consultant - Third Party Auditor
Morson Edge • Gloucester, England, United Kingdom
This job posting is no longer available
About
Key Responsibilities
Audit Delivery (Core Responsibility)
- Plan and scope third-party audits based on risk, regulatory requirements and contractual obligations
- Conduct audit walkthroughs and structured control interviews
- Test design and operating effectiveness of security controls
- Perform sampling and traceability testing across processes and systems
- Obtain, validate and challenge audit evidence (e.g. logs, system extracts, configurations, tickets, approvals)
- Assess compliance against ISO27001, ISO27017, GDPR, Cyber Essentials Plus and relevant sector frameworks
- Identify control weaknesses and determine root causes
- Form clear, risk-rated findings with practical recommendations
- Produce structured audit reports suitable for senior governance review and regulatory scrutiny
- Track and verify remediation actions through to closure
Third-Party Security Assurance
- Conduct onboarding and periodic supplier cyber security audits
- Evaluate supplier control environments handling nuclear information
- Provide defensible assurance statements to internal governance boards
- Escalate material risks and recommend approval, conditional approval, or rejection of suppliers
Regulatory & Governance Support
- Support regulatory inspections and provide audit evidence where required
- Maintain complete audit documentation and audit trail records
- Contribute to continuous improvement of audit methodology and assurance practices
Knowledge, Skills & Experience
- Practical working knowledge of international standards and information security frameworks (ISO27001, ISO27017, GDPR, Cyber Essentials Plus), including auditing control design and operating effectiveness against these frameworks
- Proven experience conducting end-to-end audits or formal assurance reviews within a regulated environment (planning, walkthroughs, control testing, evidence validation, reporting and follow-up)
- Experience assessing third-party or supplier environments
- Understanding of HMG Security Policy Framework and NCSC/CPNI guidance and how to test compliance through audit evidence
- Awareness of information security threats, risks and common control failures
- Experience applying risk assessment methodologies (ISO27005, NIST, IRAM2) to support audit scoping and risk-rating of findings
- Strong documentation and report writing skills - able to produce structured audit reports containing observations, root cause analysis and defensible conclusions
- Ability to challenge stakeholders constructively and obtain sufficient appropriate audit evidence
- Excellent written and verbal communication skills
- Strong analytical mindset, professional scepticism, attention to detail and persistence
Candidates whose experience is limited to policy review, questionnaire completion, risk register management or supporting audits without leading control testing are unlikely to be suitable.
Qualifications
Preferred (Audit-Focused):
- ISO27001 Lead Auditor or Internal Auditor
- CISA, CIA or CRISC
- CISSP (with demonstrable audit experience)
Also considered (with strong practical audit experience):
- CISMP
- Security+
- CEH
- CCNA
Additional Information
- Regular National travel required
- Candidates must be eligible to obtain SC clearance.
Language skills
- English