Senior Auditor ISO 27001

Location: France
Career Level: Manager / Team Leader
Industry: Management Consulting

Great that you're thinking about a career with BSI!

The role of the InfoSec Senior Assessor is to work closely with BSI clients to help them improve their performance by assessing their Information Systems, IT Infrastructures, Data Centers, Information Security Operations and processes against the ISO 27001, ISO 27017 and ISO 27018 standards, SOC2, GDPR, HDS (Protection of Health Data) and other international or local Frameworks/Reference Systems. At the end of each assessment the Assessor compiles an Audit Report (BSI eReport) and presents it to the client. Extensive travel is required for auditing at various BSI client sites in Europe (mostly across France and Southern Europe). A bilingual English and French speaker is preferred, but fluency in French is not compulsory.

Key Responsibilities & Accountabilities

  • Undertake ISMS (Information Security Management System) Assessments in accordance with BSI requirements.
  • Prepare Assessment Reports and deliver findings to clients to ensure client understanding of the Assessment decision and clear direction to items of corrective action where appropriate.
  • Recommend the issue, re-issue or withdrawal of certificates, and report recommendations in accordance with BSI policy, procedures and prescribed time frame.
  • Lead Assessment Teams as required, ensuring that team members are adequately briefed so that quality of service is maintained and that effective working relationships are sustained both with Clients and within the team.
  • Establish and develop an effective partnership with the clients in your portfolio, which secures the commercial relationship and encourages opportunities for business development and increased client satisfaction.
  • Provide accurate and prompt information to support services, working closely with them to ensure that client records are up to date and complete and that all other internal information requirements are met.
  • Plan/schedule workloads to make best use of own time and maximise revenue-earning activity.
  • Coach colleagues as appropriate especially where those members are inexperienced assessors or unfamiliar with clients' business/technology and assist in the induction and coaching of new colleagues as requested.

Knowledge / Skills / Abilities

  • Qualifications and/or equivalent industry experience in the required information security sector.
  • Demonstrates knowledge of how a business operates to ensure appropriate interpretation of the ISO 27001 standard and its technical controls.
  • Demonstrates interpersonal skills with the proven ability to communicate effectively at all levels within an organisation and BSI.
  • Proven negotiation skills to be able to explain assessment findings to an organisation's management.
  • Excellent presentation skills, able to present assessment findings professionally and effectively, often through formal stand-up presentation to a group of senior managers.
  • Energy and commitment to undertake the assessor role, which can be very demanding, working within different premises every day, being in front of the client and constantly on the move.
  • Learning ability to keep up with changes to business, industry, management thinking and developing assessment styles.
  • Possess computer skills and be conversant with basic packages including BSI Tools, MS Word, the Internet, and e-mail.
  • Strong written communication skills in both English and French; able to formulate clear, concise and professional reports, explaining technical issues, within required timeframes. Effective communication through the written word is essential.
  • Organised and self-motivated: operating from home and remote from any BSI office, the Assessor needs to be able to manage their own workload to maximise self-effectiveness.
  • Demonstrate thorough technical knowledge to be able to interpret the language of the Client organisation and of IT Security Technical Teams.
  • As driving is considered essential to the fulfilment of your duties, you must provide evidence that your driving licence has less than six penalty points.
  • Maintain and develop assessment skills and technical and management system standards knowledge.

Training and Development:

All Assessors are expected to reach Lead Assessor status through a process of training, examination and evaluation. This covers both their skills in auditing and their ability to manage teams of colleagues drawn together on large or more complex assessments.

  • Upon commencement appointees will begin a structured development programme to enable them to achieve BSI Assessor status within their first 3-6 months of employment, and then to progress to BSI ISO 27001 Lead Assessor status.

Our Excellence Behaviours: Customer Focus, Accountability, Respect, Communication, Achievement & Leading and Managing others