Senior Information Security Auditor
NTT DATA
Information Technology
Barcelona, Catalonia - Spain
Senior Project Manager / Senior Specialist
Experteer Overview
In this role you will lead internal information security, privacy, and business resilience audits to strengthen controls and compliance. You’ll work with cross-functional teams to improve security posture and support regulatory alignment. You’ll review peers’ audit reports to ensure clear findings and actionable remediation. You will mentor junior auditors and help evolve audit methodologies, including automation and AI-driven testing.
Responsibilities
- Lead planning, scoping, and execution of internal audits for information security, privacy, and business resilience using risk-based methodologies
- Perform detailed control testing across technical, process, and third-party outsourcing controls aligned to ISO/IEC 27001, 27701, SOC 2 TSC, 22301, and other standards
- Produce clear audit reports with findings, risk ratings, root-cause analysis, and remediation recommendations
- Act as primary liaison with external audit bodies, regulators, and assurance partners; prepare evidence packages and coordinate audit activities
- Provide guidance to business units on information security and privacy controls and compliance requirements (e.g., GDPR, DORA)
- Mentor and develop junior auditors; review work and support career development
- Maintain and enhance audit methodology, templates, and assurance tooling; promote automation and AI for testing and reporting
- Track remediation actions and escalate as needed
- Contribute to ISPMS and cross-functional risk program improvements
- Support management reporting and audit committee deliverables and present findings to senior stakeholders
Key Requirements
- Strong knowledge of ISO/IEC 27001, 27701, 22301, and SOC 2 TSC; essentials include controls mapping, gap analysis, and interpretation
- Deep understanding of GDPR principles and EU/UK data protection obligations
- Awareness of DORA regulatory considerations for ICT risk and resilience
- Experience liaising with external auditors and regulators; preparing evidence packs and responding to queries
- Strong technical literacy in network security, IAM, cloud security, application security, encryption, logging/monitoring, and third-party risk controls
- Proficiency with audit tools and GRC platforms; openness to AI-assisted data analysis, testing, and reporting
- Minimum 5–8+ years in information security, privacy, compliance, or IT/internal audit; leading audits and coordinating external engagements
- Academic certifications: Lead Auditor credentials (ISO/IEC 27001/27701/22301) and professional certifications (CISA, CISSP, CRISC, CIPM)
- Experience in regulated industries (financial services, critical infrastructure, healthcare, or large-scale tech) is desirable

