Information Security Auditor

The growing BSI France team is looking for a mobile, bilingual English-French technical profile with skills and experience in information security / data privacy in order to carry out audits of the systems of management of information security and data protection / data privacy.

The role of auditor includes the coverage of risk management and compliance with reference standards. This includes the audit of processes/activities, IT infrastructures, Datacenters/Cloud, SOC, security processes and technical implementations based on the requirements of international standards, frameworks and benchmarks ISO 27001, ISO 27017, ISO 27018, SOC2, GDPR, Europrivacy, HDS and other information security and data protection audit criteria/data privacy/GDPR/Europrivacy.

This position of auditor requires a very strong autonomy, an ability to work in a global and matrix structure, collaboration with virtual teams with locations of collaborators in different countries.

An ability to work in Agile mode is necessary in the daily management of clients, audit tasks and multiple actions, anticipation of work over the year; with rigor in preparing each audit plan for all missions and the logistics adapted to travel to the client's site in France or abroad.

This role requires delivering deliverables on time with respect for operational KPIs, with an oral presentation of audit results and a properly formalized report in French and English depending on the context and country of the company or audited organization.

**About the role**

As an Auditor you must manage each audit as a project. You will carry out audits throughout the year with travel throughout France and sometimes abroad, you will make our customers benefit from your expertise in IT / Cybersecurity, you will produce reports within a given time after each audit and will have to follow the complementary corrective actions on the basis of continuous improvement and the audit result.

**Responsibilities**:

- Carry out daily audits in compliance with rules and procedures; prepare each audit plan upstream, covering the processes and activities of the company to be audited (single site or multi-site, national or multinational company) on the basis of the three-year audit program that you will have to define and keep up to date for each audit.
- Conduct relevant audit interviews with Cybersecurity Experts, Network Engineers, Software Architects, IT/Datacenter/Cloud Infrastructure Operations, Finance/Purchasing/HR/Legal Support teams; also interview of Managers and Top Managers of companies to be audited; this on the basis of the requirements repositories in information security, risk management and data privacy RGPD / Europrivacy.
- Provide audit in accordance with quality requirements and compliance with certification audit rules (ISO 17021-1, ISO 19011, BSI policies/procedures, Scheme Manual, IAF MD, Cofrac/UKAS audit and accreditation rules /ANAB/Acredia), detailing by formalizing the discrepancies, evidence, results and findings orally throughout the audit days and in writing in the form of an audit report.
- Establish audit recommendation based on audit findings in accordance with BSI policies and procedures.
- Provide accurate and timely information to support, operations and planning departments.
- Collaborate with all stakeholders to ensure client records are up to date/complete and all documented information requirements are met based on internal processes and audit rules.
- Establish a professional and effective relationship with the companies and organizations to be audited, encourage development opportunities and customer satisfaction in your portfolio.

**Position criteria**:

- Bilingual English / French
- Excellent oral and written communication skills
- High mobility, work on customer site
- Skills in IT, Cybersecurity, GDPR/Europrivacy
- 4+ years of IT experience
- 2 years (or more) of experience in information security
- Degree in computer science or information security
- Professionalism and ability to conduct interviews with IT/Cybersecurity Experts and Top Managers
- Ability to produce a written report compliant with audit rules, written in both English and French

**Job activities**:
You will have the opportunity to use all your technical expertise in Information Security / Data Privacy to explain the requirements to companies to audit and manage risk exposures.

You will ensure the quality and compliance of your audit in a strict certification process based on ISO 17021-1, ISO 19011, Scheme Manuals, ISO 27XXX, SOC2, GDPR, Europrivacy, ISO 27006, IAF MDX criteria and rules of Cofrac/UKAS/ANAB/Acredia accreditation.

You will manage customers on a day-to-day and proactive basis, ensuring that you maintain a very professional relationship in order to maximize customer satisfaction on the quality of your work. Your rigor and expertise should make it possible to guarantee the conformity of your assessment on the customer's site and the conformity of your aud