Senior Audit and Compliance Consultant
Ready to do the best work of your life? Join us, and bring everything you have to solve the most fulfilling problems on the market. As a Gold accredited Investor in People we have everything you need to propel your career to new heights. Inclusion is the beating heart of Alfa so whoever you are, you can show up as your best self everyday - be that from home, from our offices, or a little bit of both. We’ve got the tech, we’ve got the opportunities, all we’re missing is you.
Alfa are currently recruiting a Senior Audit and Compliance Consultant to contribute all information security auditing activities along with supporting day-to-day information security governance, risk and compliance (InfoSec GRC) activities.
Key responsibilities/activities
- Collaborate with the Information Security team to ensure Alfa’s ISMS is compliant with ISO 27001:2022 and ISO 27018:2019, and meets the requirements of the AICPA Statement on Standards for Attestation Engagements 18 (SSAE 18) / International Standard on Assurance Engagements No. 3402 (ISAE 3402) System and Organization Controls (SOC) 1 Type 2 and SSAE18 System and Organization Controls (SOC) 2 Type 2.
- Contribute to the audit cycles for all of Alfa’s Information Security auditing requirements (including client audits, internal audits and statutory audits).
- Conduct periodic review and maintenance of Alfa’s Information Security Management System (ISMS) policies, procedures and processes.
- Identify opportunities for improvements in information security controls to contribute to Alfa's growth and development.
- Contribute to the planning of internal, external and client audit requirements including the collection of evidence.
- Conduct physical security audits to ensure that Alfa’s operational locations are compliant with the ISMS.
- Contribute to the completeness of security questionnaires for existing and prospective clients.
- Contribute to the performance of Root Cause Analysis (RCA) for incidents and audit findings.
- Provide consultancy, information security advice and guidance to teams and projects at Alfa.
- Develop improvement plans from continuous internal IT security audits and threat modelling exercises.
- Engage with third-party vendors, establishing and maintaining relationships with those third parties (as required).
- Integrate and collaborate with other project and delivery teams at Alfa, such as: Technical Operations, Internal Solutions, Hosting Operations, Finance and Sales.
- Comply with any other requirements set out in the information security roles and responsibilities.
Required experience /qualifications
- Bachelor's degree (or equivalent) from a top university.
- Associate Chartered Accountant (ACA) qualification offered by the Institute of Chartered Accountants in England and Wales (ICAEW) (fully qualified).
- Good knowledge and experience of SOC 1 and SOC 2 examination and attestation requirements.
- Experience with both internal and external IT assurance projects/engagements.
- Good knowledge of IT audit techniques.
- Capable of working independently.
- Strong analytical and interpersonal skills with the ability to communicate complex and technical issues clearly and succinctly.
- Eligible to work in the UK without restriction.
- Minimum 3 years experience in related roles. This experience can be from an organisation which is SOC 1 and SOC 2 certified or from working in a major audit firm conducting SOC 1 and SOC 2 audits.
Preferred experience /qualifications
- Awareness of EU/UK legislation / regulation, such as: Digital Operational Resilience Act (DORA) and Digital Services Act (DSA).
- Application of ISO 27001:2022 Information security, cybersecurity and privacy protection - Information security management systems - Requirements.
- Familiarity with ISO 27001 certification audit process/requirements.
- Application of ISO 27005:2022 Information security, cybersecurity and privacy protection - Guidance on managing information security risks or NIST Risk Management Framework.
- Application of ISO 27018:2019 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.
- Awareness of data privacy legislation including GDPR and e-Privacy Regulation.
- Understanding and experience of the 'Three Lines of Defence' model environment.
- Achievement of ISACA Certified Information Security Auditor (CISA), ISACA Certified Information Security Manager (CISM) or equivalent.
What we’ll do for you
-
Support you in flexible hybrid
-
25 days’ annual leave plus bank holidays and flexible cultural days
-
Pension contribution match up to 6%
-
Provide private health insurance and access to private 24/7 online GP
-
Support you with enhanced maternity, paternity and adoption leave with family-friendly policies
-
Provide Income protection
-
Provide Life, disability and worldwide travel insurance
-
Offer interest free loans of up to £10,000 after probation period
-
Offer Gympass given access to a range of health and wellbeing gyms, classes and apps
About Alfa
We bring our industry-leading software platform to the likes of Mercedes-Benz and CarMax, so they can do business globally. Supporting all types of auto, equipment and wholesale finance business, our software platform uses a modern technology stack to deliver proven functionality and performance. Our customers use Alfa Systems for the full lifecycle, from point of sale, through originations, to contract management and remarketing. Alfa Systems manages complex leases and loans, in any region, language and currency in a highly available, high-throughput system.
Culture
Our culture is vibrant, innovative and diverse, and we are proud of it. Ours is a close-knit community. Alfa employees are an eclectic mix and all are creative, talented and hardworking. We think it is important to build close working relationships within our company, so we hold numerous team events and conferences that bring us together for socialising and team building. We all enjoy the work-life balance and the great culture, with plenty of social activities organised by the company.
