We are seeking an Information Security Senior Auditor - Client Engagements to join our rapidly expanding consulting firm in Bucharest, Romania. This role is pivotal in providing expert audit and compliance services directly to our clients, ensuring their practices align with international standards such as ISO 27001:2022, NIST, and SOC2. The successful candidate will be responsible for conducting internal audits, performing gap assessments, managing readiness exercises for security incidents, and assisting during third-party audits. You will work closely with clients, cross-functional teams, and senior management to drive successful information security initiatives in our growing markets across the EU and APAC.

Responsibilities:

• Client Internal Audits: Conduct internal audits focusing on compliance with standards like ISO 27001:2022, identifying improvements and ensuring ongoing compliance.
• Gap Assessments and Analysis: Perform detailed gap assessments for frameworks such as ISO 27001, NIST, and SOC2. Provide actionable insights and recommendations tailored to client-specific needs.
• Table-Top Exercises: Design and facilitate table-top exercises to evaluate client readiness in handling security incidents, providing detailed reports and improvement strategies.
• Support During Third-Party Audits: Assist clients during audits by certifying bodies and other third parties, participating actively and helping respond to queries and compliance challenges.
• Documentation and Reporting: Prepare comprehensive reports detailing audit findings, assessment results, and exercise outcomes. Ensure clarity and alignment with client security objectives.
• Planning and Scheduling: Oversee the planning and scheduling of audit-related activities, ensuring they align with both our firm's and our client's strategic objectives.
• Stakeholder Engagement: Maintain active engagement with client stakeholders to ensure a thorough understanding and implementation of recommended security practices.

Required Qualifications:

• Professional Experience: Minimum of 3 years of proven experience in performing internal audits, gap assessments, and readiness exercises, specifically related to ISO 27001:2022 and other security frameworks such as NIST and SOC2. Experience in auditing for a Certifying Body is desired. Internal audit experience in the EU is essential.
• Certifications: Certifications like Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or ISO 27001 Lead Auditor are preferred.
• Client Engagement: Demonstrated ability in client-facing roles, managing client expectations and delivering customized security solutions.
• Communication Skills: Exceptional communication skills, capable of effectively discussing complex security issues with diverse stakeholders.
• Analytical Skills: Strong analytical skills, with the ability to analyze complex data, identify security risks, and propose effective solutions.
• Flexibility: Capacity to work flexible shifts to provide support for clients across APAC and North America time zones.

Education or Experience:

• Language Proficiency: Advanced proficiency in English and/or French, evidenced by TOEFL, IELTS, or similar language certification, academic qualifications, or professional experience.
• Bachelor's degree in Computer Science, Information Systems, or a related field is required.
• A minimum of five years of professional experience as a management consultant is essential.
• Work Permits: US or Canada work permits are considered a strong plus, indicating readiness to engage with international stakeholders.

Industry• Business Consulting and Services
Employment Type Full-time