IT Auditor – ISO 27001/27701 Stage 1

About the Role

The ISO Lead Auditor works independently and collaboratively to lead and execute Stage 1 audits for clients preparing for certification. In this role, you will be responsible for assessing readiness, identifying gaps, and ensuring alignment with information security and privacy management standards.

Reports to

Managing Consultant 

Pay Classification

Full-Time

Responsibilities

• Review the client’s documented Information Security Management System (ISMS) and Privacy Information Management System (PIMS)
• Evaluate the scope of the management system, including boundaries, applicability, and exclusions
• Assess the client’s understanding of ISO/IEC 27001 and ISO/IEC 27701 requirements, including risk assessment and treatment processes
• Verify that internal audits and management reviews have been planned and/or conducted
• Confirm the allocation of resources and roles for implementing and maintaining the ISMS/PIMS
• Identify areas of concern that could be classified as nonconformities in Stage 2
• Determine the client’s readiness for Stage 2 audit and provide recommendations
• Analyze policies, procedures, risk registers, asset inventories, and data flow diagrams
• Ensure documentation aligns with clauses and controls in Annex A of ISO/IEC 27001 and Annex B of ISO/IEC 27701
• Evaluate risk assessment methodology and risk treatment plans
• Review Statement of Applicability (SoA) and control implementation
• Assess alignment with clauses 4–10 (context, leadership, planning, support, operation, performance evaluation, and improvement)
• Assess mapping of privacy controls to applicable jurisdictions
• Review roles of PII Controllers and PII Processors
• Evaluate privacy risk assessments and data subject rights handling
• Prepare detailed Stage 1 audit reports with findings, observations, and recommendations
• Communicate audit outcomes to clients and internal stakeholders
• Collaborate with the audit team to plan Stage 2 activities based on Stage 1 results

Minimum Qualifications

EDUCATION  

Bachelor’s Degree in Information Security or related discipline, preferred but not required

EXPERIENCE  

• Minimum 2-3 years of experience conducting ISMS/PIMS audits
• Strong understanding of data protection regulations (e.g., GDPR, CCPA)

CERTIFICATIONS 

• Certified Lead Auditor in ISO/IEC 27001 and ISO/IEC 27701

SKILLS 

• Ability to meet deadlines with a high degree of motivation
• Excellent analytical, communication, and report-writing skills
• Thrives in a fast-paced environment
• Ability to work individually as well as collaboratively

Benefits

• Healthcare, Dental, and Vision Benefits
• Employer Paid Personal Accident Insurance
• Competitive Bonus Structure
• Home Office Reimbursement
• Certification Reimbursement
• Personalized Career Coaching
• Paid Office Closure December 25-January 1
• Generous Paid Time Off
• Summer Hours

About A-LIGN 

A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com.

Come Work for A-LIGN!

Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on LinkedIn. 
A-LIGN is an Equal Opportunity Employer.