Role

Reporting to the Group Head of Information Security & Risk, the IT & Cyber Audit Manager will be responsible for performing technology, cybersecurity, and compliance audits in the areas of design, efficiency and effectiveness of internal security controls.

The position schedules and plans audits, monitors fieldwork progress and communicates the results to senior management. The position will be responsible for auditing technology controls across the Davies Group ISO 27001 framework as well as being primary support for our wider customer and partner audits and due diligence.

This position will give exposure to a wide range of IT disciplines and stakeholders across the Davies Group, and potentially some international experience. You will use your experience and understanding of the risks facing the business to help shape and deliver insightful audits. You will be responsible for leading individual audit reviews and managing the timely production of high-quality concise reports framing your findings.

The role requires a hands-on approach to Information Security and Cyber Audit to ensure continued compliance with our ISO27001:2013 certification and other industry standard frameworks. This includes performing appropriate due diligence across our M&A workstreams.

You will work collaboratively with various stakeholders to ensure success with all Information Security, Risk and GRC related programs. You will be a key part of the team, working within a global professional services and technology firm that prides itself on providing the highest standards of service to its clients.

Duties and Responsibilities 

  • Creation and implementation of rolling audit schedule for maintenance of ISO 27001
  • Future planning for inclusion of new M&As into Davies Group scope
  • Performance of internal audits
  • Presentations of updates at the Information Security & Cyber Risk Committee
  • Identify weaknesses of controls and help drive appropriate improvements
  • Demonstrable experience of assessing and managing risk
  • Engagement with stakeholders to assist in closing out audit findings
  • Conducting IT 3rd party audits as required
  • Responsible for a team of assurance analysts to ensure customer and partner information requests are completed within SLA
  • Point of contact for all IT & Cyber audit requests

Key Experience / Skills

  • Must have significant experience maintaining ISO27001 and managing external audits
  • Must possess a strong knowledge of data protection regulations and best practice
  • Must be comfortable performing regular internal audits
  • Demonstrable experience in building relationships across the business
  • Professional certification (ISO 27001 Lead Implementer/CISM/CISSP/CRISC)
  • A firm grasp of IT and Cyber risk management and controls
  • Excellent communication and stakeholder management skills
  • Prior experience of performing audit or assurance reviews
  • Experience in a risk and controls environment
  • Previous experience in cyber and data security advantageous
  • CISA or CISSP certifications highly desirable

Person Specification

  • Dedicated to the audit discipline but pragmatic and adaptable with the tenacity to get things done
  • Excellent communicator with the ability to deliver updates in a range of styles and formats to various levels in the organisation
  • Recognises audit as a business enabler to demonstrate continuous improvement
  • Elastic thinking with a growth mindset
  • Well organised, focussed with strong attention to detail
  • Must be self-starting, able to define and drive deliverables through to completion
  • Continually strives to improve themselves and those around them