Senior Security Auditor

Continue to make an impact with a company that is pushing the boundaries of what is possible. At NTT DATA, we are renowned for our technical excellence, leading innovations, and making a difference for our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can continue to grow, belong, and thrive.

Your career here is about believing in yourself and seizing new opportunities and challenges. It’s about expanding your skills and expertise in your current role and preparing yourself for future advancements. That’s why we encourage you to take every opportunity to further your career within our great global team.

Your day at NTT DATA
Provide senior-level audit program operations and security assurance support for a global security audit program. The role focuses on coordinating and executing on-site/virtual audits, reviewing audit outputs for quality, maintaining audit calendars, tracking corrective actions (CAP) and remediation closure with third‑party partner sites, and producing operational reporting and forecasts in customer-preferred formats. The scope is advisory/assurance and coordination; technical implementation and remediation delivery are out of scope.

Key Responsibilities:
  • Own day-to-day operations of the global supply chain security audit program, ensuring overall quality control and adherence to customer requirements.
  • Maintain and continuously update the audit calendar; coordinate scheduling with internal stakeholders and third‑party partner sites (e.g., contract manufacturers).
  • Plan and execute on-site or virtual audits as required; manage audit logistics, evidence requests, meeting agendas, and pre-audit readiness activities.
  • Assess partner-site network topology and configuration against defined security requirements; document gaps, risks, and recommendations.
  • Produce high-quality audit reports, including findings, severity/risk rationale, and Corrective Action Plans (CAP) where applicable.
  • Review submitted audit results (from internal/partner contributors) for accuracy, completeness, and quality; drive rework where needed.
  • Track remediation actions and open items; coordinate with audit teams and partner-site IT teams to drive timely closure of security gaps and remediation bugs.
  • Upon request, conduct supply-chain related data security risk assessments and provide written reports with mitigation recommendations; may include mock ISMS/ISO 27001 readiness audits.
  • Support planning and coordination for new security implementations (e.g., kick-off coordination, golden image rollouts, authentication updates) by aligning stakeholders, timelines, and required actions.
  • Develop slide decks and support kick-off and executive update presentations for partner sites and program stakeholders.
  • Provide light security operations coordination support (e.g., triage and reassignment of EDR detection tickets to partner sites; follow up on remediation status).
  • Deliver regular operational reporting (weekly/monthly/quarterly and as required) including progress updates, current status, KPIs, insights, and analysis.
  • Prepare operational forecasts (weekly/monthly/quarterly/bi-annual/annual) with assumptions and risk/opportunity assessments, delivered in advance of each reporting period.
  • Serve as a country or site lead point of contact when assigned; manage stakeholder communications and escalation paths effectively.
  • Maintain strict confidentiality of customer and site information; adhere to customer and site IT policies and procedures.

Qualifications and Experience:
  • 6–10+ years of experience in security auditing, security assurance, GRC, or security assessments; experience with third‑party/vendor or supply-chain audits is highly preferred.
  • Demonstrated experience running audit program operations: scheduling, readiness, evidence management, reporting, CAP creation, and remediation tracking to closure.
  • Working knowledge of ISO/IEC 27001 (ISMS) and common security control domains; ability to perform readiness reviews and control mapping.
  • Solid understanding of enterprise networks and security fundamentals to review network topology/configuration and identify control gaps.
  • Strong stakeholder management and communication skills; able to engage with cross-functional internal teams and partner-site IT teams across geographies.
  • Excellent written English skills with proven ability to produce structured audit reports, executive summaries, KPIs, and forecasts.
  • Comfortable working across time zones and managing multiple sites/workstreams; highly organized and detail-oriented.
  • Willingness and ability to travel domestically and internationally as required.

Preferred Certifications (Nice to Have):
  • CISA, CISSP, ISO/IEC 27001 Lead Auditor/Lead Implementer (or equivalent).
  • Additional relevant certifications in risk management, audit, or security frameworks are advantageous.

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Accelerate your career with us. Apply today
