Key skills
Cyber SecurityLeadershipRisk ManagementMentoringCollaboration
About this role
Role Overview
- Developing QA Plans: Create and maintain QA frameworks, quality objectives, and assurance plans aligned with applicable standards (e.g., ISO 17021, ISO 27001).
- Defining Quality Criteria: Establish quality benchmarks, review criteria, and acceptance standards for audit processes and deliverables.
- Process Documentation Review: Review internal SOPs, audit methodologies, templates, and guidelines to ensure consistency and compliance
- Audit File Reviews: Perform independent reviews of audit files, reports, and documentation to ensure compliance with certification body requirements.
- Observer Audits: Conduct observer audits (remote/on-site) to evaluate auditor performance and adherence to audit methodologies.
- Sampling and Validation: Select samples of completed audits and validate adequacy of evidence, findings, and conclusions.
- Quality Gap Identification: Identify non-conformities, deviations, and areas of improvement in audit processes and outputs.
- QA Reports: Prepare detailed QA reports highlighting observations, risks, and improvement opportunities.
- Trend Analysis: Analyze recurring issues, systemic gaps, and performance trends across audits and auditors.
- CAPA Management: Ensure corrective and preventive actions (CAPA) are defined, implemented, and verified for effectiveness.
- Root Cause Analysis: Facilitate root cause analysis for major quality issues and systemic failures.
- Process Enhancement: Recommend improvements to audit methodologies, tools, templates, and internal processes.
- Standards Alignment: Ensure compliance with accreditation requirements (e.g., ISO 17021, ISO 19011) and internal policies.
- Accreditation Readiness: Support preparation for accreditation body assessments and surveillance audits.
- Regulatory Updates: Stay updated on changes in standards, accreditation rules, and industry best practices.
- Competency Evaluation: Support evaluation of auditor competence, performance, and qualification criteria.
- Guidance and Coaching: Provide constructive feedback and mentoring to auditors to improve quality.
- Complaint Handling: Review and investigate client complaints related to audit quality and certification decisions.
- Impartiality Assurance: Ensure impartiality and independence are maintained in all audit and certification activities.
- Escalation Management: Escalate critical quality risks to senior management.
- Cross-Functional Collaboration: Work with auditors, technical reviewers, and management to ensure consistent quality standards.
- Management Reporting: Provide periodic QA performance reports, KPIs, and dashboards to leadership.
- Policy Enforcement: Ensure adherence to internal quality policies across all teams.
- Continual Learning: Stay updated with evolving QA practices, ISO standards, and accreditation requirements.
- Certifications: Maintain relevant certifications (e.g., ISO standards, Lead Auditor, Internal Auditor, QA certifications).
Requirements
- Bachelor’s degree in information technology, Cybersecurity, Engineering, or a related field
- ISO/IEC 27001 Lead Auditor / Internal Auditor
- Knowledge or exposure to ISO 17021 requirements
- Relevant certifications such as: CISA, CISSP, or equivalent (preferred but not mandatory)
- 3–8 years of experience in one or more of the following: Information Security Management Systems (ISMS), Internal/External audits (ISO 27001 or similar standards), Certification body operations or accreditation support, IT audit, compliance, or risk management
- Strong understanding of: ISO/IEC 27001 requirements and controls, ISO/IEC 17021 and accreditation requirements, ISO 19011 (auditing principles and practices), Information Security frameworks (e.g., NIST, SOC 2), Risk assessment and control evaluation techniques, Audit lifecycle, certification decision process, and compliance methodologies
Tech Stack
- Cyber Security
Benefits
- Training Programs
- Professional Development