Senior Internal Auditor (IT & Security)

External
Full-time, On-site, 3w ago
Compliance, Documentation, Information Security, Network Security

Responsibilities

ISO 27001 Certification & Compliance

  • Lead and coordinate all activities required to achieve ISO/IEC 27001 certification, acting as the organization's primary subject matter expert throughout the process.
  • Conduct gap analyses against the ISO 27001 standard, identifying control deficiencies and defining a prioritized remediation roadmap.
  • Design, develop, and implement an Information Security Management System (ISMS) aligned with ISO 27001 requirements.
  • Collaborate with IT, Security, HR, Legal, and business unit stakeholders to embed ISMS controls into day-to-day operations.
  • Prepare and maintain all mandatory ISO 27001 documentation including the Statement of Applicability (SoA), risk treatment plans, and control policies.
  • Liaise with external certification bodies, managing the certification audit process from pre-audit preparation through to successful certification.
  • Monitor post-certification compliance and coordinate annual surveillance and recertification audits.

Independent IT & Security Internal Audits

  • Plan, execute, and report on independent ISO 27001 internal audits across all applicable departments and business units in accordance with the audit plan.
  • Assess the design and operational effectiveness of information security controls, identifying risks, weaknesses, and areas of non-conformity.
  • Conduct technical reviews covering areas such as access management, change management, vulnerability management, network security, incident management, and data protection.
  • Produce clear, evidence-based audit reports with well-articulated findings, risk ratings, and actionable recommendations.
  • Present audit results to process owners and senior management, facilitating understanding and acceptance of findings.

Audit Plan Execution & Departmental Contribution

  • Execute or co-lead IT, operational, and compliance audits as defined in the approved annual Internal Audit Plan.
  • Participate in integrated audits alongside colleagues covering financial, operational, and regulatory topics.
  • Document audit fieldwork, evidence, and conclusions accurately in the internal audit management tool/application in accordance with departmental standards.
  • Conduct structured follow-up procedures to track implementation of management action plans and verify that agreed corrective actions have been effectively remediated.
  • Maintain an up-to-date audit findings register and provide regular status updates to the Director of Internal Audit.

Cross-Functional Projects & Advisory

  • Contribute to company-wide initiatives relevant to Internal Audit, including corporate policy reviews, information security policy updates, and standards alignment.
  • Participate in enterprise risk assessment processes, providing IT and security risk perspectives and supporting the maintenance of the risk register.
  • Support business continuity planning (BCP) and disaster recovery (DR) reviews, assessing control frameworks and readiness levels.
  • Act as an internal advisor on IT security and audit-related matters for project teams, providing control design guidance at appropriate stages.
  • Stay current with evolving information security threats, regulatory developments, and audit methodologies, sharing knowledge within the team.

QUALIFICATIONS & EXPERIENCE

Education

  • Bachelor's degree in Information Systems, Computer Science, Cybersecurity, Business Administration, or a related field. A Master's degree is an advantage.

Requirements

  • Minimum 4-6 years of experience in IT audit, information security, or a combined role.
  • Proven, hands-on experience with ISO/IEC 27001 - either leading or significantly contributing to a certification project.
  • Demonstrate

Benefits

Vision insurance

Additional Information

The world's top banks use Zafin's integrated platform to drive transformative customer value. Powered by an innovative AI-powered architecture, Zafin's platform seamlessly unifies data from across the enterprise to accelerate product and pricing innovation, automate deal management and billing, and create personalized customer offerings that drive expansion and loyalty. Zafin empowers banks to drive sustainable growth, strengthen their market position, and define the future of banking centered around customer value.

ROLE OVERVIEW

The Senior Internal Auditor - IT & Security plays a pivotal role in strengthening the organization's information security posture and governance framework. Sitting within the Legal, Compliance, Risk & Audit (LCRA) division and reporting directly to the Director of Internal Audit, this position carries two primary mandates: leading the company's ISO/IEC 27001 certification journey and delivering independent, risk-based IT and security internal audits.

Beyond the ISO 27001 remit, the role contributes to the broader internal audit function - executing audits across the approved annual audit plan, managing findings through the audit lifecycle, and supporting cross-functional initiatives including policy reviews, risk assessments, and business continuity planning.

