We are seeking a highly skilled and detail-oriented Information Security Auditor to join our team. In this role, you will be responsible for evaluating and ensuring the effectiveness of the organization's and our customers' information security policies, procedures, and controls. You will conduct audits of systems, networks, and applications to identify vulnerabilities, assess risks, and ensure compliance with industry standards, regulations, and best practices.
Responsibilities
- Conduct regular security audits of IT systems, networks, and applications to identify potential risks, vulnerabilities, and areas of non-compliance.
- Evaluate the effectiveness of security controls, including firewalls, encryption protocols, access management, and intrusion detection systems.
- Review and assess security policies and procedures to ensure they are up-to-date and aligned with industry standards (e.g., ISO/IEC 27001, NIST, GDPR, PCI DSS).
- Assess and review access controls and user permissions to ensure appropriate levels of access are granted, and unauthorized access is prevented.
- Collaborate with the teams to ensure the implementation of necessary security measures to mitigate identified risks.
- Provide actionable recommendations to management for improving security posture and reducing risks.
- Prepare and present audit reports, highlighting security issues, risks, and recommendations to senior management and relevant stakeholders.
- Stay current with evolving cybersecurity threats, trends, and regulatory requirements to continuously improve security practices.
- Conduct security awareness training sessions for employees and assist in fostering a culture of security awareness.
Communication skills
- Analytical skills
- Detail oriented
- Cooperation and Teamwork
- Active learning skills
- Time management
- Problem solving skills
- Positive Attitude
- Strong Work Ethic
Personnel specifications
- Diploma: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
Experience:
- Proven experience (2+ years) in related areas or a similar role.
Specific areas of expertise:
- Strong understanding of information security principles and best practices, including risk management, security protocols, and regulatory requirements.
- Experience with security frameworks and standards such as ISO/IEC 27001, NIST, PCI DSS, and GDPR.
- Familiarity with network security, firewalls, encryption techniques, and intrusion detection systems.
- Excellent analytical, problem-solving, and communication skills, with the ability to explain complex security issues in simple terms to non-technical stakeholders.
- Ability to work independently and as part of a collaborative team.
Certifications:
- Certification in information security auditing (e.g., CISA, CISM) or equivalent.
Language Skills
- Azerbaijani (required)
- English (required)