Cyber Security Audit and Assurance Principal

Role summary

A Cyber Security Audit & Assurance Principal uses their knowledge and experience to understand business scenarios, communicate the issues and recommend next steps. They support and guide other Cyber Security Audit & Assurance professionals.

Role expectations

At this role level you will:

  • Focus on finding deficiencies in the testing, monitoring and management of security controls, so that an organisation’s data and information systems are secured
  • Assess the correctness of cyber security risk assessments and risk management plans, taking account of the organisation’s business goals
  • Produce detailed plans for cyber security audits
  • Use specific auditing tools to conduct efficient audits
  • Audit the implementation, operation and maintenance of security controls
  • Review compliance with legal and regulatory requirements
  • Provide expert advice on audit, assurance and risk management
  • Implement the Cyber Security Policy, Standards and Cyber Security Assurance Framework
  • Write formal reports, and sometimes deliver oral briefings, on the findings of audits and compliance reviews
  • Present findings to colleagues and managers, in both cyber security and general roles
  • Convince stakeholders of the importance of audit, assurance and security

Entry route and progression

Accreditation

For further information on accreditation in this role see the UK Cyber Security Council’s guide on audit and assurance.
