Senior Audit and Compliance Consultant

UK London

Alfa Financial Software

Alfa is the premium provider of software to market-leading auto, equipment and wholesale finance businesses across the globe.

View all jobs at Alfa Financial Software

Apply now Apply later

Senior Audit and Compliance Consultant 
 

Alfa are currently recruiting a Senior Audit and Compliance Consultant  to contribute all information security auditing activities along with supporting day-to-day information security governance, risk and compliance (InfoSec GRC) activities.


Key responsibilities/activities

  • Collaborate with the Information Security team to ensure Alfa’s ISMS is compliant with ISO 27001:2022 and ISO 27018:2019, and meets the requirements of the AICPA Statement on Standards for Attestation Engagements 18 (SSAE 18) / International Standard on Assurance Engagements No. 3402 (ISAE 3402) System and Organization Controls (SOC) 1 Type 2 and SSAE18 System and Organization Controls (SOC) 2 Type 2.
  • Contribute to the audit cycles for all of Alfa’s Information Security auditing requirements (including client audits, internal audits and statutory audits).
  • Conduct periodic review and maintenance of Alfa’s Information Security Management System (ISMS) policies, procedures and processes.
  • Identify opportunities for improvements in information security controls to contribute to Alfa's growth and development.
  • Contribute to the planning of internal, external and client audit requirements including the collection of evidence.
  • Conduct physical security audits to ensure that Alfa’s operational locations are compliant with the ISMS.
  • Contribute to the completeness of security questionnaires for existing and prospective clients.
  • Contribute to the performance of Root Cause Analysis (RCA) for incidents and audit findings.
  • Provide consultancy, information security advice and guidance to teams and projects at Alfa.
  • Develop improvement plans from continuous internal IT security audits and threat modelling exercises.
  • Engage with third-party vendors, establishing and maintaining relationships with those third parties (as required).
  • Integrate and collaborate with other project and delivery teams at Alfa, such as: Technical Operations, Internal Solutions, Hosting Operations, Finance and Sales.
  • Comply with any other requirements set out in the information security roles and responsibilities.

Required experience /qualifications

  • Bachelor's degree (or equivalent) from a top university.
  • Associate Chartered Accountant (ACA) qualification offered by the Institute of Chartered Accountants in England and Wales (ICAEW) (fully qualified).
  • Good knowledge and experience of SOC 1 and SOC 2 examination and attestation requirements.
  • Experience with both internal and external IT assurance projects/engagements.
  • Good knowledge of IT audit techniques.
  • Capable of working independently.
  • Strong analytical and interpersonal skills with the ability to communicate complex and technical issues clearly and succinctly.
  • Eligible to work in the UK without restriction.
  • Minimum 3 years experience in related roles. This experience can be from an organisation which is SOC 1 and SOC 2 certified or from working in a major audit firm conducting SOC 1 and SOC 2 audits.


Preferred experience /qualifications

  • Awareness of EU/UK legislation / regulation, such as: Digital Operational Resilience Act (DORA) and Digital Services Act (DSA).
  • Application of ISO 27001:2022 Information security, cybersecurity and privacy protection - Information security management systems - Requirements.
  • Familiarity with ISO 27001 certification audit process/requirements.
  • Application of ISO 27005:2022 Information security, cybersecurity and privacy protection - Guidance on managing information security risks or NIST Risk Management Framework.
  • Application of ISO 27018:2019 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.
  • Awareness of data privacy legislation including GDPR and e-Privacy Regulation.
  • Understanding and experience of the 'Three Lines of Defence' model environment.
  • Achievement of ISACA Certified Information Security Auditor (CISA), ISACA Certified Information Security Manager (CISM) or equivalent.
Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  1  0  0

Tags: Audits CISA CISM Compliance Finance GDPR Governance ISACA ISMS ISO 27001 ISO 27005 NIST Privacy Risk management RMF SOC SOC 1 SOC 2

Region: Europe
Country: United Kingdom

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.