Senior Information Security Auditor

Spain, Barcelona · Job Posted January 25, 2026

Job Description

The Senior Information Security Auditor is responsible for leading internal audits, ensuring compliance with security standards, and mentoring junior auditors.

Job Responsibility

  • Leading internal audits
  • Ensuring compliance with security standards
  • Mentoring junior auditors

Requirements

  • Strong background in ISO standards and GDPR
  • At least 5 years of experience in information security or IT audit roles
  • Excellent communication skills
  • Excellent analytical skills

Similar Jobs for Senior Information Security Auditor

8 matching positions

Senior Security Auditor

The Senior Security Auditor at NTT DATA will lead the global supply chain securi...
Location: Vietnam, Ha Noi
Salary: Not provided
Company: NTT DATA
Expiration Date: Until further notice
Requirements
  • 6–10+ years of experience in security auditing, security assurance, GRC, or security assessments
  • experience with third‑party/vendor or supply-chain audits is highly preferred
  • demonstrated experience running audit program operations: scheduling, readiness, evidence management, reporting, CAP creation, and remediation tracking to closure
  • working knowledge of ISO/IEC 27001 (ISMS) and common security control domains
  • ability to perform readiness reviews and control mapping
  • solid understanding of enterprise networks and security fundamentals to review network topology/configuration and identify control gaps
  • strong stakeholder management and communication skills
  • able to engage with cross-functional internal teams and partner-site IT teams across geographies
  • excellent written English skills with proven ability to produce structured audit reports, executive summaries, KPIs, and forecasts
  • comfortable working across time zones and managing multiple sites/workstreams
Job Responsibility
  • Own day-to-day operations of the global supply chain security audit program, ensuring overall quality control and adherence to customer requirements
  • maintain and continuously update the audit calendar
  • coordinate scheduling with internal stakeholders and third‑party partner sites (e.g., contract manufacturers)
  • plan and execute on-site or virtual audits as required
  • manage audit logistics, evidence requests, meeting agendas, and pre-audit readiness activities
  • assess partner-site network topology and configuration against defined security requirements
  • document gaps, risks, and recommendations
  • produce high-quality audit reports, including findings, severity/risk rationale, and Corrective Action Plans (CAP) where applicable
  • review submitted audit results (from internal/partner contributors) for accuracy, completeness, and quality
  • drive rework where needed
  • Fulltime

Senior Information Security Analyst

We are seeking a highly skilled and technically strong (Senior) Information Secu...
Location: Germany, Munich; Berlin
Salary: Not provided
Company: Hawk
Expiration Date: Until further notice
Requirements
  • 5+ years of hands-on experience in Information Security, IT Security, or System Administration within a B2B tech or SaaS environment
  • Strong technical competence across multiple operating systems (macOS, Windows, Linux) including admin-level experience
  • Experience with identity and access management tools (e.g., JumpCloud, Okta), MDM solutions, and enterprise security platforms
  • Solid understanding of IT security fundamentals, including authentication, endpoint security, encryption, and network basics
  • Familiarity with ISO 27001 or ISMS operations
  • experience supporting audits or certification maintenance
  • Basic security certifications (e.g., CompTIA Security+, CEH) are highly desirable
  • Fluent German and English — mandatory due to regular customer-facing security discussions
  • Ability to articulate complex technical issues clearly to diverse audiences (engineers, customers, auditors, leadership)
  • Strong documentation skills with attention to accuracy and clarity
Job Responsibility
  • Respond to security questionnaires, RFPs, and due-diligence requests in collaboration with Sales and Pre-Sales
  • Participate in customer calls to explain Hawk’s security posture and answer technical, compliance, and infrastructure-related questions
  • Represent Hawk’s security capabilities clearly and confidently to regulated financial institutions
  • Support the ongoing operation and improvement of Hawk’s ISMS, ensuring alignment with ISO 27001 controls and underlying processes
  • Assist in internal audits, evidence gathering, and risk assessments
  • Help maintain certification readiness by driving documentation, process adherence, and corrective actions
  • Provide operational support for core IT & security tools, including JumpCloud (SSO/IdP), MDM, endpoint policies, and access management workflows
  • Support the roadmap toward centralized, secure workstation management — monitoring, controlling, and updating all endpoints across macOS, Windows, and Linux
  • Assist in evaluating and managing security-related 3rd party SaaS tools used across the business
  • Monitor the security posture of Hawk’s corporate tools, infrastructure, and integrations
  • Fulltime

Information System Security Engineer - Senior

In support of a challenging, critical, and rewarding program that provides integ...
Location: United States, Warrenton
Salary: 185000.00 USD / Year
Company: Amentum
Expiration Date: Until further notice
Requirements
  • Must have active Top-Secret clearance with SCI or TS with the ability to acquire SCI
  • Knowledge and experience with NESSUS/ACAS and Trellix administration
  • Experience in Splunk role while working in a Splunk Clustered Environment
  • Must be able to work a 40-hour work week, normally Monday through Friday
  • Ability to work overtime during critical peaks and be available to meet last-minute requests for overtime if needed
  • Ability to travel (5-10%) primarily within 75 miles
  • Familiarity with MS Office applications such as Excel, Word, Outlook, SharePoint, Project, and Visio
  • Exceptional attention to detail
  • excellent verbal and written communication skills
  • strong critical thinking, organizational, time-management, and problem-solving skills
Job Responsibility
  • Endpoint Security Engineering (Trellix/ePO): Expertly design, configure, and maintain Trellix components (ePO, Trellix Agent, DLP, HIPS, Policy Auditor, ABM, and VSE) across Windows and Linux environments
  • Author and deploy endpoint security policies for ENS modules (Threat Prevention, Firewall, Web Control) based on DISA STIGs and organizational needs
  • Develop custom signatures, rules, and exceptions to address zero-day threats and specific operational requirements
  • Validate custom exceptions to ensure uninterrupted operation of mission-critical processes without compromising compliance
  • Vulnerability Management (ACAS/Nessus): Design enterprise-wide vulnerability scanning strategies and manage the deployment of Security Centers and Nessus scanners
  • Serve as the final escalation point for complex scan issues, credentialing problems, and system communication failures
  • Configure automated reporting of compliance data to continuous monitoring systems and risk-scoring repositories
  • Security Integration & Engineering: Integrate Trellix and ACAS with tools such as Splunk, XSOAR, and ServiceNow to automate workflows and enhance incident response
  • Provide authoritative recommendations and ACAS-generated artifacts to support the Assessment and Authorization (A&A) process and RMF packages for Authority to Operate (ATO)
  • Lead the maintenance and scalability of test, development, and operational environments, collaborating with Network and DevSecOps teams to enhance resilience
What we offer
  • Health, dental, and vision insurance
  • Paid time off and holidays
  • Retirement benefits (including 401(k) matching)
  • Educational reimbursement
  • Parental leave
  • Employee stock purchase plan
  • Tax-saving options
  • Disability and life insurance
  • Pet insurance
  • Fulltime

Information System Security Engineer - Senior

In support of a challenging, critical, and rewarding program that provides integ...
Location: United States, San Antonio
Salary: 160000.00 - 175000.00 USD / Year
Company: Amentum
Expiration Date: Until further notice
Requirements
  • Must have active Top-Secret clearance with SCI or TS with the ability to acquire SCI
  • Experience in Splunk role while working in a Splunk Clustered Environment
  • Knowledge and experience with NESSUS/ACAS and Trellix administration
  • Must be able to work a 40-hour work week, normally Monday through Friday
  • Ability to work overtime during critical peaks and be available to meet last-minute requests for overtime if needed
  • Ability to travel (5-10%) primarily within 75 miles
  • Familiarity with MS Office applications such as Excel, Word, Outlook, SharePoint, Project, and Visio
  • Exceptional attention to detail
  • excellent verbal and written communication skills
  • strong critical thinking, organizational, time-management, and problem-solving skills
Job Responsibility
  • Experience creating custom dashboards, writing queries, building, and generating reports, and setting up alerts and notifications using all the Cyber tools (Splunk, Tenable, Trellix)
  • Demonstrated proficiency with recognizing and onboarding new data sources into the cyber tools and analyzing the data for anomalies and trends
  • Primarily responsible for maintaining the test and operational environments to include all cybersecurity tool sets and collaborating with systems and network engineers
  • Use knowledge, skills, and ability to conduct research for designing, integrating, and implementing security controls into current and future products/systems thus ensuring these systems can be accredited based on compliance with the Joint Special Access Program Implementation Guide (JSIG)
  • Recommend the components to implement system security requirements using intimate knowledge of security design best practices for information systems throughout the system development life cycle to support the generation of security engineering products
  • Assist with the design, deployment, and administration of a multi-site, distributed Splunk environment including Multi-site Clustering, Search Head Clustering, Universal Forwarders, Deployer, and Deployment Server
  • Configure, operate, and maintain Trellix and its components (ePolicy Orchestrator, Trellix Agent, Data Loss Prevention, Host Intrusion Prevention System, Policy Auditor, Asset Baseline Monitor, and Virus Scan Enterprise) on Windows and Linux creating exceptions to allow essential processes to continue uninterrupted
  • Administration/operation of information security compliance tools/platforms with a special concentration in managing Tenable Security Center and NESSUS
  • Provide Tier 1, 2, and 3 maintenance support for deployed cyber security technologies
  • Assist with periodic and regular security assessments
What we offer
  • Health, dental, and vision insurance
  • Paid time off and holidays
  • Retirement benefits (including 401(k) matching)
  • Educational reimbursement
  • Parental leave
  • Employee stock purchase plan
  • Tax-saving options
  • Disability and life insurance
  • Pet insurance
  • Fulltime

Principal Auditor (Experienced Senior Auditor), Global Payment Network

Capital One is seeking an energetic, self-motivated Principal Auditor interested...
Location: United States, Riverwoods; Chicago; McLean; Plano; New York; Charlotte
Salary: 119400.00 - 163500.00 USD / Year
Company: Capital One
Expiration Date: Until further notice
Requirements
  • Bachelor’s Degree or military experience
  • At least 3 years of experience in internal or external auditing, accounting, financial analysis, information systems, compliance, risk management or a combination
  • At least 3 years of experience in global payment network operations and banking or financial services, or a combination
Job Responsibility
  • Plan, perform, and lead large/complex audits at the enterprise level as well as other diverse lines of business and specialty areas
  • Perform risk assessments of business activities, potential exposures and materiality of loss
  • Design and perform audit procedures, including identifying and defining issues, reviewing and analyzing evidence, and documenting processes
  • Leverage available data and analytical tools during the planning, fieldwork, and reporting phases of audit delivery
  • Effectively review and compile relevant, material findings and recommendations into readable and concise audit reports
  • Communicate the results of audit projects to management via written reports and compelling oral presentations
  • Provide significant input into the development of the annual audit plan
  • Design and execute internal control testing for standardized operations of moderate complexity with more than one component, including finance, IT, compliance, credit, security
  • Provide risk management advice and counsel to business leadership on best practices
  • Establish and maintain good working relationships with line management and auditees during engagements
What we offer
  • comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being
  • performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
  • Fulltime

Sr. Manager, Information Technology and Information Security Risk

Sr. Manager, Information Technology and Information Security Risk Hybrid Work Sc...
Location: United States, Reston
Salary: Not provided
Company: Tier4 Group
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Information Security, Cybersecurity, Risk Management, or related fields (or equivalent work experience) preferred
  • 8–10 years of relevant experience in information security or risk management roles with experience in financial services, banking, payments, fintech, or related regulatory environments preferred
  • Experience with data analytics and visualization tools (e.g., Power BI, Tableau, or Python)
  • Experience working in a regulated financial services or technology environment
  • CRISC, CISSP, CISM, Security+ or CGEIT or similar certifications
Job Responsibility
  • Evaluate and provide independent challenge regarding the alignments of the organization’s IT and IS strategy with enterprise business objectives, risk appetite, and regulatory expectations
  • Review and assess the adequacy of information technology and security risk assessments across applications, infrastructure, and business processes
  • Partner with IT project teams to influence decisions related to technology architecture, cybersecurity controls, system implementations, and operational risk mitigation strategies
  • Evaluate new and existing systems, platforms, and SAAS integrations for cybersecurity risks and regulatory compliance impacts
  • Conduct third party and vendor security risk assessments, including review of SOC 1/SOC 2 reports, SIG questionnaires, penetration testing results, and remediation plans to ensure vendor information security practices align with OF expectations
  • Provide effective second-line oversight and credible challenge related to cybersecurity incidents, operational disruptions, and emerging technology risks, including analysis of potential impacts to customer data, financial systems, and regulatory obligations
  • Collaborate with business units and technology teams to identify, document, and monitor risks, ensuring remediation activities meet regulatory timelines and internal risk appetite
  • Oversee the implementation of information technology and security risk management policies and the Cyber-Security Incident Response Plan
  • Conduct cyber security awareness training and education through periodic email phishing tests, in-person and computer-based training, presentations to employees, and security related tabletop exercises
  • Monitor the status of remediation for IT and IS related issues and ensure that the remediation documentation is complete and adequate
  • Fulltime

Global Senior Security Manager

We are seeking a seasoned security leader to partner with our CISO in protecting...
Location: United States, New York
Salary: 150000.00 - 210000.00 USD / Year
Company: Alter Domus
Expiration Date: Until further notice
Requirements
  • 10+ years in cybersecurity with at least 5 years in a leadership role managing global, cross-functional teams
  • Proven track record of representing security at C-suite and board level, translating complex risk into clear business narrative
  • Experience in financial services or a similarly regulated industry (FCA, PRA, DORA, SOX, PCI-DSS)
  • Familiarity with deploying AI security frameworks such as NIST AI RMF 1.0, MITRE ATLAS, and financial services AI governance standards
  • Practical knowledge of implementing AI-powered security tools to automate detection, response, and guardrail enforcement
  • Familiarity with AI model risk, LLM threat surfaces, data poisoning, prompt injection, and adversarial ML attack vectors
  • Familiarity with enterprise security tools
  • Broad exposure to endpoint protection, vulnerability management, CSPM, DLP, and email security platforms
  • CISSP, CISM, or CRISC — one or more preferred
  • CCSP or equivalent cloud security credential
Job Responsibility
  • Support CISO in key decision making and regulatory meetings — presenting risk posture, programme status, and strategic recommendations with clarity and confidence
  • Build, mentor, and manage high-performing, globally distributed security teams spanning multiple time zones and functions
  • Define and execute the enterprise security roadmap aligned with business strategy and applicable regulatory requirements (FCA, PRA, DORA, SOX, PCI-DSS)
  • Lead end-to-end transformation of Identity & Access Management (IAM) and Privileged Access Management (PAM), including strategy, tooling selection, and programme delivery
  • Drive implementation of an Identity Governance & Administration (IGA) framework — encompassing joiner/mover/leaver processes, role engineering, access certification, and policy enforcement
  • Oversee deployment and maturation of PAM controls, credential vaulting, just-in-time access, and session monitoring to eliminate over-privileged accounts across the enterprise
  • Establish access management metrics and KPIs reported to executive leadership and regulators
  • Lead the Zero Trust Architecture (ZTA) transformation programme — defining principles, technology roadmap, and phased rollout across on-premises, cloud, and hybrid environments
  • Drive AI-augmented network and security architecture, leveraging machine learning for anomaly detection, automated policy enforcement, and predictive threat modelling
  • Build and operationalise a Network Operations (NetOps) operating model — defining governance, runbooks, escalation paths, and SLA frameworks for a globally resilient network
What we offer
  • Support for professional accreditations
  • Flexible arrangements, generous holidays, plus an additional day off for your birthday
  • Continuous mentoring along your career progression
  • Active sports, events and social committees across our offices
  • 24/7 support available from our Employee Assistance Program
  • The opportunity to invest in our growth and success through our Employee Share Plan
  • Plus additional local benefits depending on your location
  • Fulltime

Technology Senior Auditor

The Technology Senior Auditor participates in the timely delivery of high qualit...
Location: Kenya, Nairobi
Salary: Not provided
Company: Citi
Expiration Date: Until further notice
Requirements
  • University Degree (preferably IT related such as Computer Science, Information Technology)
  • At least 5 years of experience of auditing or managing IT infrastructure systems or applications in a medium to large scale environment, preferably in Banking and Finance field, with strong understanding of related IT risks, controls, and regulations
  • Specific areas of experience should include cyber risks and controls within the ICT systems and related third-party connections, cybersecurity framework, understanding of threat and vulnerability assessment tests, and penetration tests
  • Additionally, experience should include Desktop and Server technologies including virtualization and Cloud operations, Databases, Middleware, data and voice networks, Software Development and Production Support practices, Cybersecurity management, and the ITIL general controls processes including IT Governance and IT Program/Project Management
  • Demonstrated analytical ability to understand IT control issues and related risks and controls, to identify root cause and recommending solutions
  • Strong written and verbal communications skills in English with ability to clearly articulate issues and facilitate identification and implementation of solutions
  • Preferred with relevant professional qualifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP)
  • Preferred experience in designing or using Computer Assisted Audit Tools and Techniques (CAATTs)
  • Working knowledge of the modern banking technology systems
  • Good project management and interpersonal skills
Job Responsibility
  • Understand and grasp the audit methodology, corporate standards, and internal control processes and use this knowledge to execute audit reviews
  • Participate in technology audits by identifying key risks and controls, develop and execute control assessment plans, draft control issues and present them to the technology management, discussing practical solutions
  • Execute audit assignments through effective collaboration with other audit teams within budgeted timelines and costs
  • Monitor the risk and control environment of the Technology and Cybersecurity operations including emerging risks by interacting with management and providing feedback through the Business Monitoring process
  • Assess impact of applicable regulations to the technology processes and adequacy of controls for compliance
  • Develop and maintain effective line management relationships for a no-surprises approach
  • Assess appropriateness and sustainability of pragmatic solutions for risk mitigation
  • Deliver the audit work assigned to a high quality in accordance with the requirements of the Quality Assurance scorecard/ IA methodology
  • Actively contribute to the automated auditing initiative for efficient and continuous control monitoring
  • Contribute to various corporate strategic initiatives by active participation and proactive stakeholder engagement
  • Fulltime