Information Security Auditor
*Role now filled*

About us…

We’re actively looking for an Information Security Auditor to come and join our brilliant team of Information Security Consultants. This is a fantastic opportunity to join a professional team and to work in a forward thinking and stimulating working environment. RightCue’s aspiration is to develop and grow its team by attracting and recruiting the best, ensuring its readiness for future, where the standards set are consistently high and client and employee rewards are great.

About you…

Communication and collaboration are central to effective employee performance here at RightCue. Having the right technical skills and qualifications is undoubtedly important, however, how you interact, engage and build trusting sustainable relationships is what will set us apart here at RightCue.  This is a client-facing position and client relations will therefore need to have been central to your career path to date.   As with all client-facing positions, there will be a requirement for you to travel on occasion around the UK and abroad. You will therefore need a valid UK driving licence and due to the sensitive nature of our business, you will be expected to maintain the highest level of data security and confidentiality, including the ability to obtain Security Clearance, if required. The position requires flexibility to work across multiple time-zones.

Key responsibilities…

  • Effective management of the audit process with appropriate consideration being given to audit risk issues and technical matters
  • Agree on audit scope, produce audit plans, audit agendas, and request for documents
  • Efficient application of IT auditing procedures, including but not limited to defining the scope of audit engagement, creating audit programmes/plans, and conducting of audit testing
  • Review, evaluate, and test application, infrastructure, and IT general controls
  • Maintain efficient audit documentation and records of evidence.
  • Communicate complex technical issues in simple terms to the relevant stakeholders
  • Provide recommendations and guidance on identified security and control risks
  • Lead on the legal and regulatory landscape and clearly articulate by using the associated terminology that applies across industries – pharmaceuticals, software, financial etc
  • Proactively ensure that all procedures are appropriately documented and referenced

Technical skills…

  • Significant experience of working in Information Security and demonstrable skills as an IT Auditor
  • Knowledgeable regarding relevant industry standards (e.g., ISO 27001, ISO 19011, CIS Critical Controls, NIST, IASME standard, NCSC Cyber Essentials Scheme, OWASP)
  • Comprehensive understanding of IT audit methodologies, including audits under ISO 27001, ISO 27017/18, SOX, third-party audits, CSA STAR, vendor risk assessments, HIPAA, US FDA and EU GDPR and similar
  • Technical knowledge of testing techniques, methodologies, and tools across all common platforms
  • Authoritative on information and cybersecurity, assurance, risk, threat management and incident response

Experience of the following will be advantageous:

  • Encryption and PKI, including Encryption Key and Certificate Management
  • Configuration Management
  • Database Management Systems, Application security and virtualisation techniques
  • Networking, Firewalls, Wifi
  • Audit of Cloud Platforms like AWS, Azure, GCP
  • Application Security
  • Pharma CSV audits

Qualifications…

You will ideally have or be studying towards one or more of the following or equivalent qualifications:

  • CISA, CRISC, CISM, CISSP, Certified Internal Auditor or similar, with minimum 3 years of audit experience
  • ISO 27001 Lead Auditor, MSc in Cybersecurity with 4 years of relevant experience

What you will get…

Working alongside highly experienced consultants, as part of a small team, will give you the opportunity to get involved, develop essential business and leadership skills.  We value diversity and are committed to providing equal opportunities for all our employees and importantly, we focus on what you achieve, not how long you spend trying to achieve it.

  • Annual salary
  • Hybrid working
  • Flexibility to manage your own diary
  • Free on-site car parking (when required)
  • Home office set up support
  • MacBook Pro / iPhone
  • 25 paid holidays + 8 bank holidays
  • Pension scheme
  • Employee Assistance Program (EAP)
  • Company credit/debit card (role specific)
  • Growth opportunities – apprenticeships, training, professional qualifications/memberships
  • Study leave (when required)
  • Work/life balance

If you would like to apply for this position, or are looking for other information security jobs, email your latest CV to HR@rightcue.com

By sending your CV to the above mailbox you consent to us collecting and storing your CV/application and contact details. We will hold this information securely and process it for recruitment purposes only. Please refer to our Privacy Statement for more details on our compliance with GDPR and Data Protection.