This job posting is no longer available
Senior IT Auditor - REMOTE
- Chicago, Illinois, United States
About
Overview
We are partnering with a fast-growing, cloud-based SaaS organization that provides integrated risk, compliance, governance, and insurance technology solutions to a wide range of industries. The company operates on a secure, scalable platform and supports clients across highly regulated environments, making information security and compliance core to its success.
This Senior Internal IT Auditor will play a key role in maintaining and strengthening the organization's Information Security Management System (ISMS), with a primary focus on ISO 27001 compliance. The position is responsible for planning, executing, and reporting on internal audits, identifying control gaps, and partnering with stakeholders to drive remediation and continuous improvement.
Audit Planning & Execution
- Develop and maintain the internal audit schedule for the ISMS.
- Plan and execute internal audits of policies, procedures, and technical controls aligned with ISO 27001 requirements.
- Perform walkthroughs, interviews, and evidence collection to evaluate control design and operating effectiveness.
- Document audit procedures, findings, and supporting evidence clearly and accurately.
Reporting & Follow-Up
- Prepare detailed audit reports outlining findings, non-conformities, root causes, and improvement opportunities.
- Present audit results to information security leadership and governance stakeholders.
- Track corrective action plans and validate the effectiveness of remediation efforts.
Compliance & Governance
- Ensure confidentiality, integrity, and proper handling of audit documentation and evidence.
- Maintain audit records in accordance with internal documentation and data retention policies.
- Support readiness activities for external audits, certifications, and third-party assessments.
Continuous Improvement
- Identify gaps or inefficiencies in ISMS processes and recommend practical, risk-based improvements.
- Stay current on changes to ISO 27001 and related frameworks and security standards.
- Contribute to the ongoing maturity and effectiveness of the organization's security and compliance posture.
Qualifications
- Bachelor's degree in Information Security, Risk Management, IT, or a related field.
- 3–5 years of experience in internal audit, IT audit, or IT compliance.
- Hands-on experience with ISO 27001 and ISMS auditing strongly preferred.
- Working knowledge of audit methodologies, control testing, and risk assessment.
- Strong written and verbal communication skills, with the ability to explain technical issues to non-technical stakeholders.
Preferred
- Certifications such as CISA, ISO 27001 Lead Auditor, or similar.
- Familiarity with NIST 800-53, SOC reporting, or other security/compliance frameworks.
- Experience supporting external audits or certifications.
Language skills
- English
This posting was published by one of our partners. You can view the original posting here.