Cyber Security Audit and Assurance
Role overview
A Cyber Security Audit and Assurance professional uses their knowledge and experience to understand business scenarios, communicate the issues and recommend next steps. They support and guide other Cyber Security Audit and Assurance professionals.
In this role, you will:
Cyber Security Audit and Assurance focuses on verifying that the specified cyber security controls have been implemented in accordance with the risk management plan, with assessments of threats and vulnerabilities. Attention to detail helps to spot potential inconsistencies in processes and policies. Formal methods should be followed, but there also needs to be an imaginative side in identifying points of failure and the most effective areas to investigate.
Auditing and Assurance is important work, since even the most sophisticated cyber security controls will be ineffective if they are improperly installed or maintained. Errors are bound to be made; audit and assurance, when carried out professionally, is the last line of defence against such errors. Interviewing staff members to learn of risks or issues present within the organisation is common, so managing relationships carefully is important.
There needs to be an understanding of the legal and regulatory standards on data protection and privacy, which are considered when assessing the compliance of a system. Projects may include complex issues such as advanced data analytics and IT governance, and may involve playing a role in delivering an organisation’s education and awareness programmes to target areas of non-compliance and embed security in business practices.
When an audit is carried out, the results are presented clearly so that both technical staff and general management understand the key points. In some cases, these may include recommendations on system upgrades or decommissions, providing the organisation with the cost/benefit analysis of these recommendations.
Principal
Lead