Information Security Auditor (Consulting | AI & Automation)

Job description

Roboyo is a category shaper in Agentic Automation. We help leading brands embed autonomous, AI‑powered agents into their workflows, processes, products and services so they can scale faster and operate smarter.

Built on a strong automation heritage, we focus on the seamless integration of AI into enterprise-level organizations: not just proving concepts, but owning outcomes and driving value in every industry in which we are present. At Roboyo, you’ll join a global team of builders, consultants and engineers who are top practitioners at taking solutions to the next level for clients in pursuit of excellence.

We’re looking for an Information Security Auditor (Consulting) to help our clients assess, improve, and evidence their security posture—especially where automation, AI solutions, cloud platforms, and modern engineering practices (CI/CD, DevSecOps) are involved.

This role is client-facing and combines audit execution, security assurance, and advisory. You will lead and contribute to security audits, control assessments, and compliance readiness engagements (e.g., ISO 27001, NIST, SOC 2), and you’ll partner with delivery teams to embed security controls into automation and AI-enabled processes.

What You’ll Do (Responsibilities)

1) Deliver Client Audits & Security Assessments
  • Plan and execute risk-based security audits and control assessments for clients (internal controls, cloud, apps, DevOps, automation platforms, and third parties).
  • Define audit scope, objectives, criteria, testing approach, and sampling aligned to standards and frameworks such as:
      • ISO/IEC 27001/27002, NIST CSF / 800-53, CIS Controls, SOC 2, COBIT
  • Perform fieldwork:
      • Control design & operating effectiveness testing
      • Evidence gathering, interviews, walkthroughs
      • Access reviews, logging/monitoring validation, change management testing
      • Vulnerability & patch management review
      • Data protection controls verification (where relevant)
  • Maintain high-quality working papers, traceability, and a repeatable audit methodology.

2) Audit Readiness & Compliance Advisory (Consulting-led)
  • Support client readiness for ISO 27001 certification, surveillance audits, and customer assurance requests.
  • Assess regulatory and contractual security requirements relevant to the client context (e.g., GDPR security requirements; NIS2 applicability depending on sector).
  • Provide pragmatic remediation guidance:
      • Prioritized improvement plans
      • Control roadmaps & quick wins
      • Evidence pack design for audits / customer questionnaires
  • Conduct follow-up and verify remediation closure.

3) AI, Automation & Modern Engineering Assurance
  • Assess how security is implemented in automation and AI/ML-enabled workflows, including:
      • Secure automation (RPA / workflow orchestration), bot identities, credential vaulting, segregation of duties
      • AI governance & risk controls (data lineage, model risk, prompt/data access controls, monitoring)
      • Secure SDLC / DevSecOps controls: CI/CD, code scanning, secrets management, artifact integrity
  • Review controls for:
      • Cloud environments (Azure/AWS/GCP), M365 security posture
      • API security and integration patterns used in automation
      • Identity & Access Management (IAM), privileged access, MFA, conditional access
      • Logging, monitoring, SIEM integration, incident response runbooks

4) Third-Party & Supplier Security (a key consulting stream)
  • Perform supplier/third-party security assessments (questionnaires + evidence-based validation).
  • Help clients establish third-party assurance models and risk scoring approaches.
  • Support vendor onboarding security checks and the alignment of contract security clauses.

5) Client Communication, Reporting & Executive Storytelling
  • Produce crisp, executive-ready deliverables:
      • Audit reports with findings, risk ratings, impact, and recommendations
      • Control matrices, evidence trackers, remediation plans
      • Board/CISO/CIO-ready summaries
  • Present results to client stakeholders and facilitate workshops to align on remediation plans.

6) Contribute to Growth (Consultancy DNA)
  • Support pre-sales by contributing to:
      • Proposals and statements of work (SoWs)
      • Effort estimates, delivery plans, and approach decks
      • Discovery sessions and scoping calls
  • Help build our service offering: templates, accelerators, audit checklists, automation of evidence collection, and a knowledge base.

What We’re Looking For (Required)

Experience & Knowledge
  • 3+ years in one or more of: Information Security, IT Audit, GRC, Security Assurance, or Security Engineering (adjustable by seniority).
  • Proven e