Senior Auditor / Program Manager – Information Security Assurance

Company Description

SGS is the world’s leading inspection, verification, testing and certification company. SGS is recognized as the global benchmark for quality and integrity. SGS operates a network of over 2,000 offices and laboratories around the world. SGS Knowledge NZ is a division of SGS New Zealand which provides certification, independent assessment, assurance verification and training services.

Job Description

This is a full-time, senior position for an experienced and qualified Information Security (InfoSec) Assurance Senior Lead Auditor. The applicant must have considerable experience in auditing Information Security Assurance management systems and controls for a third-party Certification Agency. As a Lead Auditor with SGS Knowledge NZ, you will plan and undertake InfoSec reviews, audits and assessments in accordance with SGS Certification policies and procedures and the requirements of codes, standards and regulations. As the Program Manager, you will take responsibility for the management and coordination of the service offerings in the Information Security Assurance Program for SGS NZ, in accordance with global program and procedural requirements and in alignment with SGS country and regional business plans and global business strategies.

Specific responsibilities of this role include:

  • Establish, implement and maintain the Information Security Assurance programs and associated service offerings for SGS Knowledge NZ, ensuring that these are effectively managed and coordinated, in accordance with SGS global policies, procedures and Accreditation requirements and aligned with both Regional (SEAP) and Global business development strategies.
  • Maintain and develop qualifications and recognition as a Management Systems Certification Lead Auditor in multiple Information Systems Management Systems (ISMS) standards.
  • Maintain and develop knowledge of national and international programs, standards, industry and sector codes and legislative requirements in relation to Information Security Assurances.
  • Plan, lead and conduct information security assurance audits and assessments across a diverse range of information systems platforms, in both service and manufacturing sector organisations.
  • Undertake management systems and program certification assessments and audit activities in accordance with SGS Accreditation policies, procedures and management systems requirements.
  • Lead audit and assessment teams, as required, ensuring that team members are adequately briefed so that audit / assessment outcomes are achieved, quality of service is maintained and that effective working relationships are sustained both with Clients and within the team.
  • Provide an assessment decision and clearly communicate corrective action requirements, where appropriate, including recommending the issue, re-issue or withdrawal of certificates, and report recommendations in accordance with SGS policy, procedures and prescribed timeframe(s).
  • Maintain and continue to develop your audit / assessment skills, knowledge of management system standards and other requirements and specialised knowledge of current and emerging technology.
  • Establish and develop effective partnerships which secure the commercial relationship and encourage opportunities for business development and increased satisfaction with clients in your portfolio.

Qualifications

  • A postgraduate Masters or Degree qualification in information systems management and administration, computer applications, programming and network architecture is a requirement.
  • Lead Auditor recognition and audit experience as a Lead Information Management Systems Auditor with a Certification Agency (i.e. ISO 27001, ISO 27701, ISO 27018, ISO 27017 and ISO 22301), with evidence of this experience and recognition, is a requirement.
  • Qualifications as a Lead Auditor across a wide range and number of NACE codes and/or SGS Technical Area Qualification (TAQ) Codes would be advantageous.
  • Lead audit experience and recognised qualifications in auditing other management systems programs, for a Certification Body, including ISO 45001, ISO 9001 and/or ISO 14001, would be advantageous.
  • Previous experience in an Information Security Assurance or other audit / assessment program management and / or business and/or product development role is desirable.
  • Knowledge and experience in OT/SCADA systems and undertaking assessments, to include:
    • Supporting governance, risk, compliance journey as it relates to ICS/OT security
    • Investigating industrial control system (ICS) environments in line with client requirements
    • Writing reports including pragmatic recommendations (focusing on return on investment) to improve industrial security posture and resilience
    • Advising in regard to changes to ICS networks to strengthen current cybersecurity controls and introduce new controls.
    • Supporting the development of standards (guidelines, policies, and procedures) used to maintain and improve ICS Cyber Security Management
    • Support and develop policy, procedure and governance including Industrial Security Assessment templates/procedures, OT IR response documentation, OT ISMS, etc.
  • Relevant professional qualifications and recognitions e.g. Certified Information Security Auditor (CISA), Certified Data Privacy Software Engineer (CDPSE) and CSA Star Certification would be advantageous.

Additional Information

It is expected that the successful applicant:

  • Will be a flexible, enthusiastic person with well-developed customer service skills and experience and excellent interpersonal, communication and negotiation skills, both written and verbal, with the ability to communicate at all levels, work within a Team and build relationships.
  • Will have the ability to be self-managing, prioritize workload, balance priorities and meet internal deadlines and performance measures and Client and Customer service delivery expectations.
  • Will be willing to travel on business intensively, mostly within New Zealand, but also on occasion to assist Clients and other SGS Affiliates in South East Asia Pacific (SEAP).
  • Will hold Residency status or a current and valid Work Visa to work in New Zealand (NZ).
  • Will hold, or be able to obtain, a current and valid full NZ and/or International Driver’s License.
