Senior Audit and Compliance Consultant
UK London
Alfa Financial Software
Alfa is the premium provider of software to market-leading auto, equipment and wholesale finance businesses across the globe.Senior Audit and Compliance Consultant
Alfa are currently recruiting a Senior Audit and Compliance Consultant to contribute all information security auditing activities along with supporting day-to-day information security governance, risk and compliance (InfoSec GRC) activities.
Key responsibilities/activities
- Collaborate with the Information Security team to ensure Alfa’s ISMS is compliant with ISO 27001:2022 and ISO 27018:2019, and meets the requirements of the AICPA Statement on Standards for Attestation Engagements 18 (SSAE 18) / International Standard on Assurance Engagements No. 3402 (ISAE 3402) System and Organization Controls (SOC) 1 Type 2 and SSAE18 System and Organization Controls (SOC) 2 Type 2.
- Contribute to the audit cycles for all of Alfa’s Information Security auditing requirements (including client audits, internal audits and statutory audits).
- Conduct periodic review and maintenance of Alfa’s Information Security Management System (ISMS) policies, procedures and processes.
- Identify opportunities for improvements in information security controls to contribute to Alfa's growth and development.
- Contribute to the planning of internal, external and client audit requirements including the collection of evidence.
- Conduct physical security audits to ensure that Alfa’s operational locations are compliant with the ISMS.
- Contribute to the completeness of security questionnaires for existing and prospective clients.
- Contribute to the performance of Root Cause Analysis (RCA) for incidents and audit findings.
- Provide consultancy, information security advice and guidance to teams and projects at Alfa.
- Develop improvement plans from continuous internal IT security audits and threat modelling exercises.
- Engage with third-party vendors, establishing and maintaining relationships with those third parties (as required).
- Integrate and collaborate with other project and delivery teams at Alfa, such as: Technical Operations, Internal Solutions, Hosting Operations, Finance and Sales.
- Comply with any other requirements set out in the information security roles and responsibilities.
Required experience /qualifications
- Bachelor's degree (or equivalent) from a top university.
- Associate Chartered Accountant (ACA) qualification offered by the Institute of Chartered Accountants in England and Wales (ICAEW) (fully qualified).
- Good knowledge and experience of SOC 1 and SOC 2 examination and attestation requirements.
- Experience with both internal and external IT assurance projects/engagements.
- Good knowledge of IT audit techniques.
- Capable of working independently.
- Strong analytical and interpersonal skills with the ability to communicate complex and technical issues clearly and succinctly.
- Eligible to work in the UK without restriction.
- Minimum 3 years experience in related roles. This experience can be from an organisation which is SOC 1 and SOC 2 certified or from working in a major audit firm conducting SOC 1 and SOC 2 audits.
Preferred experience /qualifications
- Awareness of EU/UK legislation / regulation, such as: Digital Operational Resilience Act (DORA) and Digital Services Act (DSA).
- Application of ISO 27001:2022 Information security, cybersecurity and privacy protection - Information security management systems - Requirements.
- Familiarity with ISO 27001 certification audit process/requirements.
- Application of ISO 27005:2022 Information security, cybersecurity and privacy protection - Guidance on managing information security risks or NIST Risk Management Framework.
- Application of ISO 27018:2019 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.
- Awareness of data privacy legislation including GDPR and e-Privacy Regulation.
- Understanding and experience of the 'Three Lines of Defence' model environment.
- Achievement of ISACA Certified Information Security Auditor (CISA), ISACA Certified Information Security Manager (CISM) or equivalent.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits CISA CISM Compliance Finance GDPR Governance ISACA ISMS ISO 27001 ISO 27005 NIST Privacy Risk management RMF SOC SOC 1 SOC 2
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.