Internal Auditor

Role Summary:

The Internal Auditor promotes, develops, and manages the Company’s Internal Audit program by conducting internal audits against the relevant Management System Standards (ISO 27001; ISO 20000-1; ISO 22301) and other frameworks and assurance audits (SOC 1 and SOC 2; PCI DSS). The Internal Auditor facilitates the evidence gathering process for external audits and ensures that external and internal findings are addressed on time by the relevant owners within the Organization.

The Internal Auditor drives continuous improvement throughout the organization and facilitates the creation, implementation, review, and auditing and of all business processes within the Organization.

Job Scope/Supervision:

The Internal Auditor will interact with all teams and departments at GTT when performing internal audits and might request evidence for compliance with the applicable standards from anyone in the Organization in scope of the certification.

The Internal Auditor reports to the Senior Manager, Audit and Compliance. The Senior Manager, Audit and Compliance is ultimately responsible for the Internal and External Audit Programs. The Senior Manager, Audit and Compliance organizes the external audits and communicates with the external auditors/certification bodies.

Duties and Responsibilities:

Audits

• Gathering evidence from various departments and reviewing the evidence before submission to external auditors.
• Preparing relevant teams for external audits.
• Conducting internal audits, gap assessments and regular checks to evaluate GTT compliance with ISO standards and other assurance audits relevant to the organization, which can include SOC 1 & SOC 2, PCI DSS, SOX ITGC, NIST, NIS2, GDPR, etc.
• Completing internal audit reports and gap assessment checklists and updating the GRC tool.

Continuous Improvement

• Managing the Corrective Action Log (CAL): ensuring findings are tracked; obtaining updates from action owners and following up through the completion of findings.
• Follow up on actions from the CAL weekly meetings and updating the GRC tool accordingly.
• Facilitating in conjunction with the internal audit team the completion of a root cause analysis for non-conformities to ensure the underlying issues are fully understood and appropriate actions are taken to resolve the issue.
• Completing an effectiveness review after the implementation of the corrective action relating to a non-conformity to verify the corrective action has successfully resolved the issue.
• Produce reports for Management Review meetings; analyze the data and identify any trends in terms of findings with the Senior Manager, Audit and Compliance.
• Manage and continuously improve the Management System.

Required Experience/Qualifications:

• Working knowledge of ISO Management systems (ISO 20000-1, ISO 27001, and ISO 22301).
• ISO 20000-1 and ISO 27001 Internal/Lead Auditor Certification is desirable.
• Experience of internal auditing, reporting, findings status tracking/resolution.
• SOC 2 auditing/testing/collecting evidence experience is desirable.
• ISO 22301; PCI DSS, NIST, GDPR, SOX ITGC experience is a plus
• Work experience with GRC tools; SharePoint

Desirable Experience/Qualifications:

• Experience of working in the IT industry or Telecommunications sector is desirable
• Good Document management skills
• Experience of process mapping
• Pragmatic, able to make sensible and easily implemented business decisions
• Able to handle pressure and work alone or as part of a team whilst taking personal ownership and accountability to set priorities and meet strict deadlines
• Excellent organizational, communication (both oral and written), interpersonal and analytical skills with an ability to communicate at all levels within the organization
• Good attention to detail
• Personal commitment to deliver to a high standard and ability to motivate and teach others

Hours/Travel/Shift:

Regular working hours. Remote working is acceptable. Travel to GTT office locations might be required sometimes for internal audits or to support external audits in GTT’s offices.