Security Audit Analyst

Key Responsibilities

• Conduct internal and external security audits across IT systems, networks, and applications.
• Assess compliance with security standards such as ISO 27001, SOC 2, PCI-DSS, and GDPR.
• Identify vulnerabilities, risks, and control gaps; provide actionable recommendations.
• Review and evaluate security policies, procedures, and controls.
• Perform risk assessments and support risk mitigation planning.
• Collaborate with IT, DevOps, and business teams to implement security improvements.
• Monitor audit findings and ensure timely remediation of issues.
• Prepare dtailed audit reports and present findings to stakeholders.
• Support third-party/vendor security assessments.
• Stay updated on emerging threats, vulnerabilities, and regulatory changes.

Required Skills

• Strong understanding of information security principles and frameworks.
• Experience in security auditing, risk assessment, and compliance.
• Knowledge of standards like ISO 27001, SOC 2, PCI-DSS, NIST, GDPR.
• Familiarity with network security, application security, and cloud security.
• Experience with audit tools, vulnerability scanning tools, and SIEM systems.
• Strong analytical and problem-solving skills.
• Excellent documentation and reporting skills.

Preferred Skills

• Experience with cloud platforms (Azure, AWS, GCP).
• Knowledge of DevSecOps practices.
• Familiarity with penetration testing concepts.

Experience with data privacy regulations.

Qualifications

• Bachelor’s degree in Cybersecurity, IT, Computer Science, or related field.
• 3+ years of experience in security auditing or information security.

Certifications (Preferred)

• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• ISO 27001 Lead Auditor / Implementer