ISO IT Auditor

About the RoleThe ISO IT Auditor will play a crucial role in assessing compliance and providing strategic technical leadership within our dynamic team. You will be responsible for conducting ISO assessments and delivering various client-focused security services. As an integral member of our organization, you will leverage your expertise in industry frameworks such as SOC, SOX, or PCI DSS to foster the ongoing growth of our fast-paced company. A-LIGN values quality project execution over traditional metrics, offering you the opportunity to support management and high-profile clients in a virtual environment. To ensure your professional development, we will provide tailored ISO training courses and ongoing mentorship from our seasoned consultants.

Are you driven by the desire to leverage technology and controls to create meaningful change? At SumUp, we are seeking a dedicated IT Internal Auditor to elevate our Internal Audit team in Sofia. In this pivotal role, you will play a key part in ensuring our IT framework is secure, compliant, and capable of supporting millions of businesses globally. About SumUpSumUp is a prominent global fintech company focused on leveling the playing field for small enterprises. Since our inception in 2012, we have built trust with over 4 million merchants across 36 markets worldwide. Our mission is to simplify business operations and make them affordable by providing tools that assist entrepreneurs in getting paid, managing finances, and enhancing customer relationships. Team DescriptionYou will be integrated into our Internal Audit team, reporting directly to the Global Head of Internal Audit. This team is crucial in protecting SumUp's operations, ensuring adherence to regulatory standards, and fostering continuous improvement throughout the organization. Your focus will be on enhancing our IT audit capabilities, which are vital components of our audit strategy and risk management framework. What You’ll DoLead and execute IT-centric internal audits to ensure SumUp’s systems and controls align with regulatory and business standards.Enhance audit efficiency by analyzing data: execute queries, extract information from systems, and implement advanced analytics.Craft a focused IT audit plan, guiding our evaluation of technology risks across the organization.Convert audit findings into clear, actionable recommendations and present them confidently to management and stakeholders.Serve as an independent advocate for control and compliance, building trust while navigating challenges and driving change.Foster strong relationships with stakeholders to promote a culture of proactive internal controls.Stay informed about evolving IT standards, regulations, and best practices.

Your impactful mission. You will...Establish and implement comprehensive organizational information security processes to meet business, regulatory, legislative, and contractual obligations.Oversee internal and external ISMS audit procedures, ensuring the effectiveness of controls and corrective actions in collaboration with various stakeholders.Conduct gap analyses, manage compliance readiness, and monitor compliance activities for ISO/IEC 27001, PCI DSS, and other regulatory security audits.Coordinate external security audits and assessments, developing and executing remediation plans as necessary.Identify, evaluate, and monitor information security risks while recommending appropriate mitigation strategies.Design, implement, and lead an extensive organizational information security awareness training program.Manage security requirements with third-party vendors, ensuring due diligence in product and service providers and embedding information security clauses in contracts.Develop and maintain information security policies, procedures, and related documentation.Analyze and communicate information security requirements stemming from legislative and regulatory mandates across different jurisdictions.Act as project manager or lead on various security projects.Continuously enhance knowledge to adapt to changes in the company's regulatory environment and requirements.