The position in a nutshell:
The organizational security auditor carries out audits and controls of security processes. The auditor ensures compliance with the internal policies and regulations that apply to the organization, checks that the security policies and rules defined to ensure maintenance in secure conditions are implemented, respected and effective, identifies vulnerabilities, and proposes remedial actions.
Equivalent title: Organizational security audit expert
Carrying out audits:
- Adopt a global vision of the information system to be audited
- Define audit and control plans within the organization
- Conduct permanent and/or periodic security checks, in particular based on documentary reviews, collection of evidence, access to consoles and reports from security tools or the use of automated compliance control tools
- Conduct and document security process audits, analyze documentation and evidence, conduct team interviews
- Evaluate the correct application, effectiveness and compliance of company security policies and procedures
- Assess compliance with a standard or benchmark, establish eligibility for certification
- Write reports that analyze the vulnerabilities and discrepancies observed, and that highlight and assess security risks and their impact on the business
- Define recommendations to address risks arising from discovered vulnerabilities
- Collaborate with IT teams to implement recommendations
- Produce security and compliance level dashboards
Our advice: this position is open to women and men. Motivation and the desire to learn are the fundamental qualities for the success of your project. Don’t hold yourself back; you can do it.
- Knowledge of governance, norms and standards: mastery of audit methodologies
- Knowledge of the information system and architecture principles
- Mastery of the fundamentals in the main areas of ISS
- Knowledge of governance, norms and standards in the field of security: ISO standards (2700X), sector standards (PCI-DSS, etc.)
- Ability to summarize and popularize for non-technical audiences
- Drafting of reports adapted to different levels of interlocutors
Description of the profession in the ANSSI directory
The physical protection of a site by an IT security audit is one of the fundamentals in all obligations and in all good cybersecurity practices.
How to get into the job?
Training: Bac +5. Profession accessible from professional experience in audit I
Our Master program is adapted to professions with supervising responsibilities and addresses specific cybersecurity requirements. It allows you to deepen and refine your knowledge and skills in one of our 3 specialisations: Information Technology (IT), Industrial (OT) or Management of Cybersecurity Operations (SOC).
The complete career guide
Same field jobs
Our school provides training in 21 cybersecurity jobs, from technical to supervising positions, from IT operations to industrial systems security. Here is the list of jobs you will be trained for by attending one of our training programs.