A. Overall Purpose Of The Job (Brief description of the primary purpose of this position)
Executes internal compliance program as per the overall strategic information security plan of Aspire Lifestyles in accordance with customer requirements, certifications requirements, and cyber security requirements. A key element of this role is to work with internal stakeholders in business lines and support function.
B. Key Responsibilities (Critical responsibilities and skills of this position, listed in order of importance)
Internal Audit: Perform continuous internal assessments of IT security practices, policies, and controls to improve the organization’s overall security posture.
Compliance Reporting: Generate and maintain detailed reports on compliance status, tracking progress on audit findings, risk mitigations, and security controls implementation.
Control Gap Identification & Remediation: Identify non-conformities and compliance gaps within the Information Security Management System (ISMS). Work with key stakeholders to implement corrective actions and new controls.
Collaboration with IT Teams: Collaborate with IT teams to ensure that security controls are effectively integrated into all systems and processes.
Internal Audit Program Support: Assist in executing the internal audit program, reviewing the effectiveness of information security controls, and ensuring corrective actions are implemented as part of the continuous improvement cycle.
Policy and Control Review: Conduct regular review of information security policies and procedures to ensure they remain updated with evolving security best practices.
Employee Awareness & Training: Develop and deliver internal training sessions on information security standards, audits, and compliance to foster a culture of information security awareness.
Support the Manager of Audits, Certifications and Attestations in executing internal compliance program.
C. Job Profile
Required Competencies & Work Experience (Critical behaviors necessary to successfully perform the job)
Diploma or Degree in technology-related field required.
Minimum of 2 to 5 years of experience with Internal and External audit for ISO 27001/IT General Controls (ITGC), including planning & conducting internal IT audits, and monitoring compliance such as ISO 27001 framework.
At least attended basic training on Introduction to Internal Audit ISO27001/ Experience who runs training to internal stakeholders on ISO27001 audit
Professional security certifications such as ISO/IEC 27001 Lead Auditor/Lead Implementor will be an added advantage.
Excellent written and verbal communication skills and a high level of personal integrity