Internal Auditor

Davies

Required skills

We are seeking an experienced Internal Auditor to support the business in achieving its objectives by conducting audits of our Global Information Security Management System (ISMS).
Reporting to the Group Security Audit & Assurance Manager, this role is responsible for performing technology, information security, cybersecurity, and compliance audits to assess the effectiveness of our ISO 27001 controls.
To be successful in this role, candidates must demonstrate excellent communication skills, hold ISO 27001 Lead Auditor certification, and possess strong documentation capabilities.
The ability to clearly articulate technical concepts to both technical and non-technical stakeholders across the organisation is essential.
Familiarity with additional industry standards—such as Cyber Essentials, Cyber Essentials Plus, PCI-DSS, NYDFS 23 NYCRR 500, ISO 42001, CSA, and SOC 2—is highly advantageous.
We are looking for individuals with strong interpersonal skills who can build effective working relationships at all levels.
The ideal candidate is a collaborative team player—flexible, approachable, and capable of managing multiple workstreams while meeting deadlines and maintaining excellent stakeholder engagement.
This is a full-time, office-based position located in Pune. Hybrid working arrangements may be considered following successful completion of the probation period.

Conduct technology, information security, cybersecurity, and compliance audits to assess the design, efficiency, and effectiveness of internal security controls.
Lead remediation discussions with stakeholders, ensuring clear guidance and timely resolution of audit findings.
Develop audit plans, including scope and objectives, and ensure audit assignments are completed accurately and within agreed timelines.
Engage and collaborate with key internal stakeholders, maintaining professionalism to ensure successful delivery of audit engagements.
Perform remote auditing activities, including assessments of physical security controls.
Serve as an escalation point for internal audit queries, providing clarity and expert guidance.
Produce high‑quality audit documentation, reports, and supporting evidence.
Prepare and deliver monthly KPI/KRI reporting.
Support the coordination and delivery of global ISO 27001 external audits.
Share best practices and contribute to the promotion of innovation across the security function.
Foster a culture of continual improvement across all aspects of security.
Demonstrate the company’s core values: We are Dynamic, We are Innovative, We are Connected, and We Succeed Together.
Perform additional duties as required to support the wider Information Assurance team.

Experience

Minimum of five years’ hands‑on experience in an information security audit, risk management, or related assurance role.
Proven experience auditing against established information security and cyber risk frameworks, including ISO 27001, NIST CSF, CIS Controls.
Practical experience reviewing and assessing information security risk management processes, including risk assessments, control effectiveness, and related reporting.
Demonstrated capability in drafting and maintaining audit documentation such as audit schedules, planning materials, policies, procedures, and reports that align with recognised security frameworks and regulatory requirements.
Skilled in preparing and delivering clear, concise, and stakeholder‑specific audit reports.
Experience in a third‑line governance, compliance, or risk assurance function within a large or complex organisation is desirable.
Experience working within regulated industries is advantageous.

Education

Bachelor’s degree or higher in Information Security, Computer Science, or a related discipline.

Knowledge

Strong understanding and practical experience with ISO/IEC 27001:2022, including both audit and implementation activities (implementation is advantageous).
Solid knowledge of ISO 31000: Risk Management – Guidelines.
Working knowledge of key cybersecurity frameworks such as the NIST Cybersecurity Framework (CSF) and CIS Controls.
Familiarity with security governance and compliance practices, including the development and interpretation of policies, standards, and procedures.
Good understanding of IT infrastructure, cloud services, business applications, and third‑party supplier risk management.
Proficient in risk assessment methodologies, including risk identification, analysis, evaluation, and mitigation strategies.
Strong understanding of security incident response processes, including escalation, investigation, and reporting.
Awareness of relevant regulatory and legal requirements, including:

Skills

Exceptional attention to detail, with strong analytical, reporting, and communication capabilities.
Clear and confident communicator, able to translate complex security concepts into language suitable for both technical and non‑technical audiences.
Strong stakeholder management skills with a focus on delivering an excellent customer experience.
Proactive, self‑motivated problem solver with the ability to work independently and take initiative.
Flexible, approachable, and effective in collaborative, fast‑paced environments.
Results‑driven and commercially aware, with the ability to align security activities to business objectives.

Ability

Ability to perform information security internal audits and produce clear, accurate, and well‑structured audit findings.
Collaborative team player, comfortable working alongside cross‑functional teams including departments such as IT, Legal, HR, Risk, and Operations.
Capable of leading small‑scale initiatives and contributing to continual improvement across security and risk audit activities.
Quick learner with a strong growth mindset, adaptable, and able to adjust effectively to changing priorities.
Strong understanding and practical experience with key information security and cyber risk frameworks, including ISO 27001, ISO 31000, NIST RMF/CSF, and CIS Controls.
Proven experience in conducting audits focused on information security and risk management.
Excellent English communication skills, both written and verbal, with the ability to convey complex information clearly and effectively.
Relevant professional certification, including:
ISO/IEC 27001:2022 Lead Auditor
A confident, collaborative team player who enjoys audit work and thrives in an environment that focuses on solutions rather than problems.

Desirable:

CISA – Certified Information Security Auditor

ISO/IEC 27001:2022 Lead Implementer

CISM – Certified Information Security

CRISC – Certified in Risk and Information Systems Control

Insurance claims management and legal professional services provider.

This page is fully interactive when JavaScript is enabled. Please enable JavaScript to apply or browse related roles.