Information Security Auditor

SoCyber is a venture-backed cybersecurity company on a mission to solve complex cybersecurity problems and help organizations across all industries and sizes fortify their cybersecurity defenses. We provide a wide range of security, compliance and vulnerability management solutions.

Our passionate team of experts is working on projects covering the full spectrum of digital and physical infrastructure. SoCyber is partnered with leading organizations worldwide, offering you the chance to learn from seasoned professionals and make a real difference in the fight against cyber threats.

We are a tight and supportive team, dedicated to learning and growing together. If you are looking to progress your career by solving complex problems in a competitive environment, apply today!

Job Overview

As an Information Security auditor, you will be a key contributor to our security team, responsible for conducting comprehensive information security and compliance assessments and delivering insightful reports. Your expertise will be crucial in identifying IT security gaps and misconfigurations and recommending effective remediation actions. In addition, you will play a vital role in client engagement, knowledge sharing, and the continuous improvement of our security services.

We offer a flexible hybrid work model depending on the current project requirements.

Responsibilities

• Support and consult the company and clients in cyber security topics
• Propose new cyber security improvements to our clients
• Support of ISO 27007, PCI-DSS audits, and vulnerability assessments
• Work closely together with clients’ representatives, to create their cyber security roadmaps
• Plan, implement, manage, monitor, and upgrade security measures for the protection of the client’s organizational data, systems and networks.
• Daily administrative tasks, reporting and communication with the relevant departments in the organization
• Cooperate with other departments (Sales, Marketing, PenTesting)

Skills and Experience Required

• Experience in writing policies and procedures in regard to the well-known standards (ISO 27001, PCI-DSS etc.)
• Demonstrate in-depth knowledge of Risk assessment and risk management methodologies &/or frameworks.
• Experience in applying & using qualitive / qualitive Risk and/or Threat based risk models
• Knowledge of UK / EU information security management, governance, and compliance principles, practices, laws, rules and regulations.
• Experience in implementing and/or operating one or more Security Risk Management, Compliance or Data Protection technology platforms.
• Experience in implementing and operating one or more of the following:
• ISO 27001 compliant ISMS
• PCI DSS / SOX compliance
• UK NCSC CAF compliance
• UK or EU GDPR / UK Data Protection compliance
• NIS/NIS2, DORA compliance
• UK Operational Resilience / TSA(R) compliance
• UK CNI / OT / IIOT compliance
• Experience in Microsoft Server Environments / Active Directory
• Experience in Microsoft 365 & Azure (Monitoring & Security)
• Cyber and Cloud Security standards & frameworks, supporting architecture, design, operations, controls, technology, solutions, and service orchestration.
• Core knowledge of Information Technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
• Information systems auditing, monitoring, controlling, and assessment processes.
• Knowledge of Incident response management.
• Outstanding English verbal communication skills with the ability to explain things in a clear and non-technical way.
• Excellent English writing skills for technical documents and improving processes (such as policies and reports).
• The ability to explain complex topics to a diverse range of audiences.
• Strong attention to detail and the ability to deliver high quality work.
• A relevant and recognized professional Security / Risk / Compliance certification supporting the role, such as CISSP, PCI ISA, ISO 27001, ISMS Lead Implementer, CRISC, etc.

Must be able to collaborate with international teams, requiring intermediate level English proficiency (B1 or equivalent).

Nice to Have

• Cloud and hybrid environment experience: Knowledge of assessing cloud (AWS, Azure) and/or hybrid environments is advantageous.
• Source code review skills: Experience in conducting source code reviews in your preferred programming language is a plus.
• Social engineering knowledge: Familiarity with preparing and launching social engineering campaigns is beneficial.
• Research and development experience: Involvement in research projects, tool development, or training delivery showcases your initiative and passion for security.

To apply, please send your CV and resume to p.kuzmin (at )so-cyber.com or apply in the form below.