Information Security Auditor

About the role

The Information Security Auditor will independently plan, execute, and report on audits of Zones’ Information Security Management System (ISMS) and Privacy Information Management System (PIMS). Reporting to the CISO, the role drives continuous improvement of the security posture, identifies risks, and delivers actionable recommendations to senior leadership.

Key responsibilities

• Develop, maintain, and execute the internal audit plan under the direction of the CISO.
• Conduct process, technical, and compliance audits aligned with ISO 27001/27701 standards.
• Validate the effectiveness of security controls across infrastructure, applications, and processes.
• Assess compliance with regulatory, contractual, and corporate requirements.
• Identify gaps and risks, and recommend corrective and preventive actions.
• Prepare concise audit reports with clear findings, root causes, and recommendations.
• Present audit results to the CISO and the Information Security Steering Committee.
• Track remediation progress and report status updates to leadership.
• Support the CISO in preparing for external audits such as ISO, SOC 2, and client/vendor assessments.

Required profile

• Bachelor’s degree in Information Security, Computer Science, or a related discipline.
• Proven experience conducting audits against ISO 27001, ISO 27701, SOC 2, or similar frameworks.
• Strong analytical mindset with high integrity, independence, and objectivity.
• Excellent communication skills and the ability to influence cross‑functional teams.

Required skills

• Deep knowledge of ISO 27001:2022 and ISO 27701 standards.
• Familiarity with NIST CSF, SOC 2, PCI DSS, and CIS Controls.
• Understanding of cloud environments (Azure, Office 365) and IT infrastructure security controls.
• Strong audit methodology, documentation, and reporting capabilities.