The primary responsibility of the ISO27001 Information Security Auditor is to effectively and efficiently manage the Information Security Management System for our Video and Radio Organizations.
This will require frequent communication and potentially site visits throughout the US where we design our products. Travel 15-25%.
The ISO Information Security Lead Auditor is responsible for the overall success of the Information Security Management System for NALA with primary focus on 27001 certification.
Key responsibilities include:
Structure ISO27001 (Information security), ISO27701, ISO27017, ISO27018 compliance for each organization and, when there is a customer need, champion the efforts to become certified.
Develop and drive a continuous improvement plan for the region, driving best practices and repeatability.
Manage a Lessons Learned process that will close gaps and leverage best practices across the NALA region as well as globally throughout the audit process.
Assist and guide organizations in best practices for writing process documents and align to common IMS processes where applicable.
Manage the end-to-end lifecycle of a risk-based audit project from initiation, planning, testing, and reporting of results to complete an audit on time.
Design and execute risk-based audit programs / projects to scalably test and provide in-depth reporting on the design and operating effectiveness of key security controls that mitigate technological risks to MSI and its users.
Deliver audit reports to executive leadership with data-driven findings / observations and conduct follow ups with management to ensure remediation of control gaps or deficiencies.
Coordinate audits with management and users, interpret the significance of findings, conclude on those findings, and make practical recommendations.
Train the organizations on 27001 requirements.
Project manage an organization and / or site to achieve 27001 certification through the MSI Steps to Compliance.
Manage the external audit process with the certification body.
Preferred candidates will have ISO 27701, 27017, 27018, and SOC2 training and knowledge.
Experience with 31000 in Risk Management Structure
Proficient in writing process and procedural documents to comply with ISO requirements
Highly organized, strong attention to detail, capable of significant multi-tasking and follows all tasks through to completion in a timely manner and works with a sense of urgency.
Strong project management skills.
The ability to communicate clearly (both written and verbal) in English
The ability to understand Motorola’s organizational structure and how to align certificates across multiple businesses and locations.
Proficient in Google Applications and a willingness to learn and utilize new tools within the organization that support ISO certification.
Experience with Oracle or SAP a plus.
Ability to foster teamwork within the various organizations.
Also, to reward your hard work you’ll get: