Provide senior-level operations and security assurance support for a global security audit program
Own day-to-day operations of the global supply chain security audit program, ensuring overall quality control and adherence to customer requirements
Maintain and continuously update the audit calendar; coordinate scheduling with internal stakeholders and third‑party partner sites (e.g., contract manufacturers)
Plan and execute on-site or virtual audits as required; manage audit logistics, evidence requests, meeting agendas, and pre-audit readiness activities
Assess partner-site network topology and configuration against defined security requirements; document gaps, risks, and recommendations
Produce high-quality audit reports, including findings, severity/risk rationale, and Corrective Action Plans (CAP) where applicable
Review submitted audit results (from internal/partner contributors) for accuracy, completeness, and quality; drive rework where needed
Track remediation actions and open items; coordinate with audit teams and partner-site IT teams to drive timely closure of security gaps and remediation bugs
Conduct supply-chain related data security risk assessments and provide written reports with mitigation recommendations; may include mock ISMS/ISO 27001 readiness audits
Support planning and coordination for new security implementations (e.g., kick-off coordination, golden image rollouts, authentication updates) by aligning stakeholders, timelines, and required actions
Develop slide decks and support kick-off and executive update presentations for partner sites and program stakeholders
Provide light security operations coordination support (e.g., triage and reassignment of EDR detection tickets to partner sites; follow up on remediation status)
Deliver regular operational reporting (weekly/monthly/quarterly and as required) including progress updates, current status, KPIs, insights, and analysis
Prepare operational forecasts (weekly/monthly/quarterly/bi-annual/annual) with assumptions and risk/opportunity assessments
Serve as a country or site lead point of contact when assigned; manage stakeholder communications and escalation paths effectively
Maintain strict confidentiality of customer and site information; adhere to customer and site IT policies and procedures
Requirements
6–10+ years of experience in security auditing, security assurance, GRC, or security assessments
Experience with third‑party/vendor or supply-chain audits is highly preferred
Demonstrated experience running audit program operations: scheduling, readiness, evidence management, reporting, CAP creation, and remediation tracking to closure
Working knowledge of ISO/IEC 27001 (ISMS) and common security control domains; ability to perform readiness reviews and control mapping
Solid understanding of enterprise networks and security fundamentals to review network topology/configuration and identify control gaps
Strong stakeholder management and communication skills; able to engage with cross-functional internal teams and partner-site IT teams across geographies
Excellent written English skills with proven ability to produce structured audit reports, executive summaries, KPIs, and forecasts
Comfortable working across time zones and managing multiple sites/workstreams; highly organized and detail-oriented
Willingness and ability to travel domestically and internationally as required