Internal Technology Auditor
Description:
JOB SPECIFICATION
Role:
Internal Auditor
Reports To:
Head of Operational Risk
Department:
Information Systems
Location:
London
Salary:
TBC
Company Background:
The LMAX Group is a global financial technology company which operates multiple institutional execution venues for FIAT and digital currency trading.
Servicing brokers, funds, corporates, asset managers and banks, the LMAX Group delivers a unique vision for global FX and cryptocurrency trading - a transparent, neutral, level playing field for all market participants, regardless of status, size or activity levels.
Purpose:
Compliance and certifications allow our clients to be confident in the security and privacy of our products, while also providing frameworks for well-tuned information security management systems and programs. ISO27001 is the foundation on which the LMAX Group operates.
The LMAX Group is looking for an internal auditor who can match the busy pace of our rapidly growing international business is our main priority. Full training will be provided for the successful applicant.
The post holder will be part of a team responsible for internally auditing internal controls and security standards such as ISO27001, SOC 1 and SOC 2.
The role includes auditing the effectiveness of internal controls, risk and security assessments, and developing policies alongside stakeholders.
The successful applicant will support auditees in correcting nonconformities and provide guidance on acceptable standards. Ideally the successful applicant will have knowledge of cyber security governance, associated controls and effective monitoring and/or an interest in cryptocurrency.
You are a person who is looking for a role in which you can grow into a senior auditor, who has the curiosity and the persistence to find loopholes at both technical and process levels. We will teach the technical skills needed. You can identify and analyse connections and linkages within the Group’s departments and their processes to focus the audit and risk management approach.
We realize people do not fit into neat boxes and the LMAX Group offers some flexibility around remote working.
Requirements:
- Perform internal audits of processes, policy, and systems for internal control compliance.
- Design and implement new internal controls
- Perform SOC 1 & 2 control audits of documentation and policy to support external assessments.
- Work cross-functionally with all departments and operational teams to drive governance and security control implementation for the organization.
- Work with risk owners to review and aggregate risk assessments, recommend and manage risk treatment plans.
- Interface with regulators, auditors or clients requesting RFIs, inquiries, and security audit reviews.
- Track and correct issues identified during internal and external audits.
- Supplier due diligence and ongoing monitoring/reporting
- Desirable ISO/IEC 27001 Certified Lead or Internal Auditor and or equivalent experience.
- Experience in Information Technology, Security Analysis, Governance, Risk and Compliance is an advantage
- Previous experience either working with or alongside an audit body
- Experience working with risk management processes is an advantage
- Knowledge of any of the following security standards and frameworks: SOC 1, SOC 2, ISO 27001, 22301, NIST, FCA, GSFC.
- Understanding of vulnerabilities, threats and risks at an organisational level.
- Knowledge related to cyber security governance, controls, and effective monitoring.
- Ability to work closely with auditors, regulators, and internal stakeholders and articulate technical concepts
- Excellent written and oral English communication skills
- ISO auditing, CISSP, CIPP, CIPM, CIPT, CISA certifications.
- Project Management skills or qualifications.
- History of study or working in areas such as networking, IT Security, Development would be desirable.
- Experience within the finance or digital currency sector.
Experience and skills:
Technical Skills:
Any of the following would help you to stand out:
Soft Skills:
- Team mentality and ability to prioritise and escalate
- Willingness to learn, and to share knowledge
- Communication skills, ability to converse with all levels
- Genuine enthusiasm for Security and Governance
- Positive, constructive and open-minded attitude
- A problem-solving mindset coupled with a strong sense of ownership and drive.
- Practical approach to managing time and workload, to ensure tasks are completed in a timely fashion.
- Ability to understand business processes and how they affect the security stance.
- Good documentation and communication skills to communicate with a global team.