Security Auditor Jobs
What is a security auditor?
A security auditor undertakes regular reviews of the cyber security systems of a business. The main objective of a security auditor is to produce a security audit report which can be used to inform future decisions on how to strengthen a company’s cyber security protocols.
Once the audit has been completed, those in this role will also need to work with other IT security team members to find resolutions through new software, hardware or security practices.
How much does a security auditor make?
In the US, the average salary for a security auditor is $84,000, with the lowest 10th percentile earning $63,000. In the UK, the average salary for an IT auditor is £40,000, with the lowest 10th percentile making £22,000. These figures have been taken from https://www.payscale.com.
What does a security auditor do?
Security auditors are primarily responsible for the monitoring of a company’s security systems and strategies. However, some auditors may also be required to audit the security systems and levels of compliance of third-party businesses in the supply chain, such as in the case of larger corporations.
The typical job duties of a security auditor will include:
- Knowledge of the business’ security systems
During your time at the company, you will be working closely with the IT security team to understand the needs of the business, the software and hardware they already use and the skills of the team which will help you achieve your goals.
You will also need to stay on top of cyber security trends to identify any threats which could affect the business and to test whether these threats can be managed by the existing security systems.
- Undertaking audits
You will be responsible for scheduling, managing and completing regular security audits of the business. Regular audits will help to identify threats sooner and avoid breaches before they can take place.
Audits will typically encompass every part of an organisation’s infrastructure, including the Local Area Network (LAN), Public Key Infrastructure (PKI), Wide Area Network (WAN) and Virtual Private Network (VPN).
You will also most likely need to audit the security compliance of staff members to identify whether key employees are following security protocol and to find any vulnerabilities they may be exposing.
- Producing audit reports
Once you have undertaken the audit, you will need to compile your findings into a report which can be presented to senior members of the business. You will need to be confident in delivering this report and able to clearly present your findings.
The report will need to have identified any vulnerabilities or areas of weakness and suggest solutions which the business can take action on. The report will also need to recommend infrastructure upgrades which have been discussed or advised by other relevant members of the security team.
- Recommending solutions to vulnerabilities and best practice for compliance
Within your report, you will need to recommend solutions, whether to software, hardware or the security protocol followed by staff. You will then need to work with other senior members of the security team to devise the implementation of these new practices or technology. This includes new security tools and threat management or detection software.
What qualifications do you need to be a security auditor?
Typically, security auditors will be expected to have a degree in computer science or a relevant field. This is also a highly technical position so employers may be looking for a master’s degree in cyber security or computer science.
However, employers may consider a candidate without a formal degree qualification who has strong evidence of practical work experience. This would involve over five years’ experience in IT security.
Other professional qualifications include the Certified Information Systems Auditor (CISA), granted by ISACA, which is a globally recognised qualification for audit control, assurance and security professionals.
Why is security auditing important to an organisation?
Security audits are an essential part of any cyber security strategy as they enable you to identify your biggest vulnerabilities and combat cyber threats. Regular auditing can prevent breaches, reduce the damage of breaches and help manage your company’s reputation with your clients.
Audits must be undertaken at least once a year to stay on top of the latest trends in cybercrime, to ensure all processes are being followed and that all areas of the security infrastructure are working correctly.