Internal ISMS Auditor at George Houston Resources Limited

JOB DUTIES / DESCRIPTION

• Be the business’ liaison with external ISMS auditors. 
• Develop and implement comprehensive audit plans aligned with organizational risk 
• assessments and relevant standards. 
• Conduct audits of Company’s ISMS based on ISO 27001 standards to assess compliance and identify areas for improvement. 
• Conduct independent and objective assessments of the ISMS, evaluating the design, implementation, and effectiveness of information security controls. 
• Identify vulnerabilities, control weaknesses, and non-compliance issues through interviews, document reviews, testing procedures, and other established audit methodologies. 
• Identify and assess Company’s information security risks and develop audit reports detailing findings, recommendations, and corrective actions with recommended mitigation measures. 
• Stay updated with industry trends, standards, and regulations related to information security through professional development activities and participate in information security continuous improvement initiatives to enhance the effectiveness of the ISMS. 
• Collaborate with stakeholders across various departments to implement corrective actions effectively. 
• Explain audit findings and recommendations to management and relevant parties, ensuring understanding and buy-in for proposed actions. 
• Collaborate effectively with diverse stakeholders to ensure alignment with Information Security Management policies, procedures, guidelines, and processes. 
• Responsible for creating ISMS-related Documents/Checklists/Policies/SOPs, 
• conducting ISMS Audits, and driving ISMS-related activities. 
• Review and customize cyber security training and awareness materials when needed and conduct training on specific programs. 
• Support FPG Technologies and Solutions Limited in maintaining ISO 27001 
• certification. 
• Review and update audit methodologies and tools based on emerging threats, best practices, and organizational changes. 
• Adhere to strict legal and ethical standards and organizational information security policies when handling sensitive data obtained during the audit process. 
• Report deficiencies and opportunities for improvement to the management. 
• Produce transparent metrics on ISMS performance to inform the whole company. 
• Provide training and advice on ISO matters and the ISMS processes to employees.
• Encourage an environment of knowledge sharing, personal development, and continuous improvement. 

QUALIFICATION / TECHNICAL REQUIREMENTS

• A bachelor’s degree in technology or engineering, Information or Cyber Security, Computer Science, or a related field. 
• Minimum of 3 years post NYSC experience in information security, risk management, or IT auditing; 2 of which in a role or function related to Information Security Audit. 
• Significant experience in ISO 27001 standards for consulting, collaboration, 
• implementation & auditing is highly desirable. 
• Experience planning, preparing, and delivering internal and external audits, including Compliance Audits. 
• Experience and knowledge of Cyber/Information Security Governance, Risk 
• Management, and Compliance. 
• Knowledge of information security controls, risk assessment methodologies, and vulnerability management principles. 
• Time management, organizational, and excellent analytical and problem-solving skills. 
• Proficient in writing clear, concise audit reports with effective communication skills for technical & non-technical audiences. 
• Ability to work under pressure, meet deadlines, and maintain a positive attitude. 
• Excellent written and verbal communication skills in English 
• Excellent interpersonal skills. A good attitude to teamwork. Ability to establish positive working relationships within a dynamic team. 
• Able to work independently and with some autonomy. 
• Good organization skills and detail-oriented mindset.
• AGE : 35-45 years