Senior Information Security Auditor
NTT DATA
Posted: November 30, 2025
Interested in this position?
Create a free account to apply with AI-powered matching
Required Skills
Job Description
Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive.
Your day at NTT DATA
The Information Security Auditing Specialist is a seasoned subject matter expert who plays a critical role in evaluating and ensuring the effectiveness of less complex security controls, policies, and practices.
This role collaborates with various cross functional teams to enhance the organization's security posture, mitigate risks, and maintain compliance with industry standards and regulations.
The Information Security Auditing Specialist typically reviews other auditor's audit reports ahead of sign off to provide feedback for the auditor to deliver comprehensive report findings.
Key Responsibilities:
Lead planning, scoping, and execution of internal audits for information security, privacy, and business resilience using risk-based audit methodologies.
Perform detailed control testing across technical, process, and third-party outsourcing controls aligned to ISO/IEC 27001, ISO/IEC 27701, SOC 2 TSC, ISO/IEC 22301, and other applicable standards.
Produce clear, concise, and detailed audit reports including findings, risk ratings, root-cause analysis, practical remediation recommendations, and risk acceptance considerations.
Act as primary liaison with external audit bodies, regulators, and assurance partners: prepare evidence packages, coordinate on-site/remote audit activities, and respond to follow-up queries.
Provide advice and guidance to business units, IT, legal, privacy, and risk teams on information security and privacy frameworks, control design, and compliance requirements (e.g., GDPR, DORA).
Mentor, coach, and develop junior auditors — review their work, provide feedback, and support career development and skills building.
Maintain and enhance the internal audit methodology, templates, and assurance tooling; champion use of automation and AI to improve efficiency of testing, pattern detection, and reporting.
Track remediation actions: maintain issues/risk register, liaise with control owners, validate remediation, and escalate where necessary.
Contribute to continuous improvement initiatives for the Information Security & Privacy Management System (ISPMS) and cross-functional risk programs.
Support management reporting and audit committee deliverables, prepare executive summaries, and present findings to senior stakeholders.
Knowledge and Attributes:
Strong working knowledge of ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 22301, and SOC 2 TSC frameworks: controls mapping, gap analysis, and audit interpretation.
Deep understanding of GDPR principles and practical privacy controls; familiarity with EU/UK data protection obligations.
Knowledge of financial / operational regulatory frameworks such as DORA (or readiness to apply its requirements to ICT risk and operational resilience).
Experience liaising with external auditors and regulators, preparing evidence packs, and responding to assurance queries.
Strong technical literacy: understanding of network security, identity/access management, cloud security, application security, encryption, logging/monitoring, and third-party risk controls.
Proficiency in audit tools, GRC platforms, and common productivity suites; willingness to evaluate and adopt AI tools for data analysis, testing, and reporting.
Academic Qualifications and Certifications:
Certified Lead Auditor (or equivalent) in:
ISO/IEC 27001 Lead Auditor
ISO/IEC 27701 Lead Auditor (or demonstrable privacy audit experience)
ISO/IEC 22301 Lead Auditor (desirable)
Professional certifications preferred: CISA, CISSP, CRISC, CIPM or equivalent.
Experience working within regulated industries (financial services, critical infrastructure, healthcare, or large-scale technology services) is highly desirable.
Required experience:
Minimum 5–8+ years of experience in information security, privacy, compliance, or IT/internal audit roles with demonstrated audit delivery.
Prior experience leading information security or privacy internal audits and coordinating external audit engagements.
Competencies & Behaviours
Demonstrates strong analytical thinking, attention to detail, and the ability to translate technical findings into business risk terms.
Excellent written and verbal communication skills — able to produce executive-level summaries and detailed technical reports.
Strong stakeholder management skills: builds credibility with technical teams, business leaders, and external assurance parties.
Coaching mindset: motivated to develop junior team members and contribute to a high-performance audit team culture.
Proactive, pragmatic, and commercially aware — offers pragmatic remediation guidance that balances security, business continuity, and cost.
Curiosity and drive to innovate: explores automation and AI opportunities to enhance audit effectiveness and efficiency.
Deliverables & Success Measures
Timely completion of assigned audits according to the annual audit plan and risk priorities.
High-quality audit reports with actionable recommendations and appropriate risk ratings.
Demonstrable reduction in repeat findings and timely remediation closure rates.
Positive feedback from auditees, external auditors, and senior stakeholders on professionalism and clarity of reporting.
Implementation or pilot of AI-enabled techniques or automation in audit processes where appropriate.
Working Relationships
Reports to: Manager, Information Security Audit
Regular interaction with: CISO, Data Protection Officer, IT leadership, Business Unit Managers, Legal, Risk, External Audit Firms, and Regulators.
Workplace type:
Remote Working
About NTT DATA
NTT DATA is a $30+ billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world’s leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services. Our consulting and industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is part of NTT Group, which invests over $3 billion each year in R&D.
Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.
Third parties fraudulently posing as NTT DATA recruiters
NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an @nttdata.com email address. If you suspect any fraudulent activity, please contact us.