WHAT ARE WE LOOKING FOR
We are looking for a Cybersecurity Compliance Engineer who can perform regular audit activities (such as physical or logical access controls) necessary to accomplish audit objectives in line with our client's requirements and compliance with international standards.
The candidates we are looking to hire should have a team-oriented attitude and the ability to work well with others, both within the team and across geographically dispersed teams, to achieve a common goal.
Candidates must be skilled in process analysis, data analytics & sampling, interview techniques, and audit reporting and presentation.
Candidates must be able to communicate effectively with technical and non-technical audiences and have excellent verbal and written communication skills in English.
Main duties :
Perform regular audit activities (such as physical or logical access controls) necessary to accomplish audit objectives in line with our client's requirements and compliance with international standards (e.g., ISO27001, SOX, SOC2).
Conducts security control reviews and audits across a full range of control types and techniques, for business applications and information systems.
Recommends appropriate remediation actions to management.
Proactively follow-up, track, and close identified audit observations. Evaluate an agreed-upon action plan for effective mitigation of risk.
Test layers of computer systems (i.e., application, database, operating system, data, infrastructure) for information technology (IT) effectiveness.
Works with colleagues and management to identify threats to the confidentiality, integrity, availability, accountability, and relevant compliance of information systems.
Assist in maintaining a healthy, safe, and secure environment in accordance with company internal policies and procedures.
Perform the audit through identifying, analyzing, evaluating, performing tests, and documenting corresponding internal audit reports.
Oversees the maintenance of ISO27001 supporting documentation and follows audit procedures in accordance with internal methodology.
Performs regular Business Impact Analysis as part of the ISO27001 evaluation cycle.
Conducts Information Security assessments for new and existing critical vendors.
Helps the team answer the information security questionnaires provided by Endava clients.
Provide support in the review process of the information security clauses within MSAs.
Qualifications and Experience
At least 3-5 years of Information Security / IT audit-related experience is needed.
Relevant university / master’s degree in areas such as computer science / mathematics / cybernetics
Availability to travel - 10% of the working time (when the current situation allows travel).
Skills Required :
Excellent internal audit skills and knowledge : process analysis, data analytics & sampling, interview techniques, audit reporting, and presentation skills.
Team-oriented attitude and the ability to work well with others, both within the team and across geographically dispersed teams, in order to achieve a common goal.
Attention to detail and accuracy are very important.
Familiar with industry standards (ISO27001, SOC2 / ISAE, ITIL, GDPR, COBIT, etc.);
At least one of the following international certifications is a plus : CISA, ISO27001, CIA, CISM, CISSP.
Understanding of multiple technology domains including software development, operating systems, database management, networking.
Excellent interpersonal and communications skills; ability to communicate effectively with technical and non-technical audiences.
Professional discipline, initiative, flexibility, strong problem solving, and analytical skills.
Mature and well-organized person.
Excellent verbal and written communication skills in English.
Offer and Benefits :
Opportunity to work in a Global Organization
Career Development opportunities.
Work / Life benefits
Competitive salary package
We are an equal opportunity employer and are committed to a diverse workforce. We are committed to a policy of equal employment and will not discriminate against an applicant based on their age, sex, sexual orientation, gender identity, race, color, creed, religion, national origin or ancestry, citizenship, marital status, familial status, people with physical or mental disabilities, pregnancy or any other category protected under the laws we operate under.