ISO 27001 Auditor #CER

Job Description:
Responsible for conducting Information Security Management System (ISMS) audits in accordance with ISO/IEC 27001 standards and relevant auditing guidelines. The auditor ensures the organization’s ISMS is effectively implemented, compliant with requirements, and continuously improved.

Key Responsibilities:

• Conduct internal and external ISMS audits based on ISO/IEC 27001 and ISO 19011 guidelines.

• Assess the compliance and effectiveness of information security policies and controls.

• Collect and evaluate audit evidence through document reviews, interviews, and on-site observations.

• Identify nonconformities, observations, and opportunities for improvement, and report findings objectively.

• Prepare and deliver clear, accurate, and timely audit reports.

• Maintain independence, objectivity, and confidentiality throughout the audit process.

• Collaborate effectively with audit team members and relevant stakeholders.

Technical Competencies:

• In-depth knowledge of ISO/IEC 27001:2022 requirements.

• Familiarity with information security controls under ISO/IEC 27002:2022.

• Understanding of audit principles and practices following ISO 19011.

• Ability to analyze risks and assess security controls effectively.

Educational Qualifications:

Bachelor’s degree (minimum) in one of the following fields:

• • Information Technology

  • Information Systems

  • Computer Engineering

  • Information Security

  • Engineering / Science or other relevant disciplines

Work Experience:

• Minimum of 2 years of experience as an ISMS Auditor or in a related information security role.

Preferred Qualifications:

• Certified Lead Auditor in ISO/IEC 27001.

• Experience in implementing or managing ISMS within medium to large organizations.

• Strong communication and reporting skills in English and/or Bahasa Indonesia