Lead Auditor

Methods is a £100M+ IT Services Consultancy who has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group, to create end-to-end business and technical solutions that are people-centred, safe, and designed for the future.

Our human touch sets us apart from other consultancies, system integrators and software houses - with people, technology, and data at the heart of who we are, we believe in creating value and sustainability through everything we do for our clients, staff, communities, and the planet.

We support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them.

Predominantly focused on the public-sector, Methods is now building a significant private sector client portfolio.

Methods was acquired by the Alten Group in early 2022.
Description:

We are seeking a highly skilled and experienced IT/IS Security Auditor with Lead Auditor experience to join our dynamic team. The ideal candidate will possess a deep understanding of information security principles, auditing methodologies and regulatory compliance requirements. They will lead and conduct comprehensive security audits to ensure the integrity, confidentiality and availability of our information assets. This role requires strong analytical skills, attention to detail and the ability to communicate effectively with various stakeholders.

1. Advanced Audit and Security certifications/qualifications such as CISSP, CISA, CISM, Institute of Internal Auditors (IIA) or equivalent are preferred.
2. Proven experience in IT/IS security auditing, with a strong focus on leading audit engagements.
3. In-depth knowledge of information security principles, best practices, and standards.
4. Proven experience in leading and building Audit & Assurance Teams, supporting individuals to improve their capability and in turn Methods capability.
5. Familiarity with regulations, standards and frameworks GDPR, HIPAA, PCI DSS, ISO 27001, NIST and NIS.
6. Experience else a good understanding of the work of NCSC.
7. Excellent analytical, problem-solving, and decision-making skills.
8. Strong communication and interpersonal skills, with the ability to effectively communicate complex technical concepts to non-technical stakeholders.
9. Ability to work independently and collaboratively in a fast-paced environment.
10. High level of integrity, professionalism and attention to detail.

Responsibilities:

1. Lead Audits: Take charge of planning, organizing, and leading IT/IS security audits from initiation to completion. This includes defining audit scope, objectives, and methodologies in accordance with industry standards and regulatory requirements.
2. Building Capability and Leading Teams. Proven ability to build Audit and Assurance Teams to include professional training complementing relevant work experience.
3. Audit Execution: Execute audit procedures, including but not limited to reviewing systems, conducting interviews, reviewing and analysing policies, procedures, processes and documentation.
4. Documentation and Reporting: Document audit findings, observations, and recommendations in clear and concise reports. Communicate audit results to management and stakeholders, providing actionable insights and recommendations for improvement.
5. Assessment: Identify potential security vulnerabilities and threats within the organization's IT systems, networks and infrastructure. Develop strategies and practical recommendations to mitigate risks and vulnerabilities.
6. Compliance Monitoring: Review and report on an organisation’s security posture to include policies, procedures and controls in line with extant security standards and frameworks as well as regulatory requirements. Stay abreast of relevant laws, regulations, and industry standards (such as GDPR, HIPAA, ISO 27001, NIST, NIS) to ensure compliance.
7. Continuous Improvement: Collaborate with client IT and security teams to implement corrective actions and remediation plans based on audit findings. Continuously monitor and evaluate the effectiveness of security controls and processes.
8. Training and Awareness: Provide guidance and training to staff on security best practices, policies, and procedures. Promote a culture of security awareness and compliance throughout the organization.
   

Additional desirable knowledge/experience:

1. Auditing emerging technologies such as IoT/OT, blockchain, AI/ML.
2. Auditing cloud environments (e.g., AWS, Azure, GCP).
3. COBIT, ITIL, CIS, CAF.
4. Public and Private Sector to include defence, healthcare, automotive, finance and insurance.
5. GovAssure

This role will require you to have or be willing to go through Security Clearance. As part of the onboarding process candidates will be asked to complete a Baseline Personnel Security Standard; details of the evidence required to apply may be found on the government website Gov.UK. If you are unable to meet this and any associated criteria, then your employment may be delayed, or rejected . Details of this will be discussed with you at interview. 

Methods is passionate about its people; we want our colleagues to develop the things they are good at and enjoy.

By joining us you can expect

• Autonomy to develop and grow your skills and experience
• Be part of exciting project work that is making a difference in society
• Strong, inspiring and thought-provoking leadership
• A supportive and collaborative environment

Development – access to LinkedIn Learning, a management development programme, and training

Wellness – 24/7 confidential employee assistance programme

Flexible Working – including home working and part time

Social – office parties, breakfast Tuesdays, monthly pizza Thursdays, Thirsty Thursdays, and commitment to charitable causes

Time Off – 25 days of annual leave a year, plus bank holidays, with the option to buy 5 extra days each year

Volunteering – 2 paid days per year to volunteer in our local communities or within a charity organisation

Pension – Salary Exchange Scheme with 4% employer contribution and 5% employee contribution

Discretionary Company Bonus – based on company and individual performance

Life Assurance – of 4 times base salary

Private Medical Insurance – which is non-contributory (spouse and dependants included)

Worldwide Travel Insurance – which is non-contributory (spouse and dependants included)

Enhanced Maternity and Paternity Pay

Travel – season ticket loan, cycle to work scheme

For a full list of benefits please visit our website ()