Senior Audit and Compliance Consultant

Alfa are currently recruiting a Senior Audit and Compliance Consultant to contribute all information security auditing activities along with supporting day-to-day information security governance, risk and compliance (InfoSec GRC) activities.

Key responsibilities/activities:

• Collaborate with the Information Security team to ensure Alfa’s ISMS is compliant with ISO 27001:2022 and ISO 27018:2019, and meets the requirements of the AICPA Statement on Standards for Attestation Engagements 18 (SSAE 18) / International Standard on Assurance Engagements No. 3402 (ISAE 3402) System and Organization Controls (SOC) 1 Type 2 and SSAE18 System and Organization Controls (SOC) 2 Type 2.
• Contribute to the audit cycles for all of Alfa’s Information Security auditing requirements (including client audits, internal audits and statutory audits).
• Conduct periodic review and maintenance of Alfa’s Information Security Management System (ISMS) policies, procedures and processes.
• Identify opportunities for improvements in information security controls to contribute to Alfa's growth and development.
• Contribute to the planning of internal, external and client audit requirements including the collection of evidence.
• Conduct physical security audits to ensure that Alfa’s operational locations are compliant with the ISMS.
• Contribute to the completeness of security questionnaires for existing and prospective clients.
• Contribute to the performance of Root Cause Analysis (RCA) for incidents and audit findings.
• Provide consultancy, information security advice and guidance to teams and projects at Alfa.
• Develop improvement plans from continuous internal IT security audits and threat modelling exercises.
• Engage with third-party vendors, establishing and maintaining relationships with those third parties (as required).
• Integrate and collaborate with other project and delivery teams at Alfa, such as: Technical Operations, Internal Solutions, Hosting Operations, Finance and Sales.
• Comply with any other requirements set out in the information security roles and responsibilities.

Required experience /qualifications:

• Bachelor's degree (or equivalent) from a top university.
• Associate Chartered Accountant (ACA) qualification offered by the Institute of Chartered Accountants in England and Wales (ICAEW) (fully qualified).
• Good knowledge and experience of SOC 1 and SOC 2 examination and attestation requirements.
• Experience with both internal and external IT assurance projects/engagements.
• Good knowledge of IT audit techniques.
• Capable of working independently.
• Strong analytical and interpersonal skills with the ability to communicate complex and technical issues clearly and succinctly.
• Eligible to work in the UK without restriction.
• Minimum 3 years experience in related roles. This experience can be from an organisation which is SOC 1 and SOC 2 certified or from working in a major audit firm conducting SOC 1 and SOC 2 audits.

Preferred experience /qualifications:

• Awareness of EU/UK legislation / regulation, such as: Digital Operational Resilience Act (DORA) and Digital Services Act (DSA).
• Application of ISO 27001:2022 Information security, cybersecurity and privacy protection - Information security management systems - Requirements.
• Familiarity with ISO 27001 certification audit process/requirements.
• Application of ISO 27005:2022 Information security, cybersecurity and privacy protection - Guidance on managing information security risks or NIST Risk Management Framework.
• Application of ISO 27018:2019 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.
• Awareness of data privacy legislation including GDPR and e-Privacy Regulation.
• Understanding and experience of the 'Three Lines of Defence' model environment.
• Achievement of ISACA Certified Information Security Auditor (CISA), ISACA Certified Information Security Manager (CISM) or equivalent.