About the Client
Our client is a provider of top-of-the-line medical solutions with innovative strength in diagnostic and therapeutic technologies, including information technology and system integration. therapies, medical IT solutions complemented with advice and service support. They deliver a comprehensive range of solutions - from prevention and early detection to diagnosis, treatment and patient care.
Benefits:
- Variable and Christmas bonus
- Hybrid type of work – combination of telework and work from office
- Flexible Working Hours
- Bridge days – free extra paid leave 6 days per year
- 3 sick days per year (no doctor’s permit needed)
- In case of sickness 100% salary reimbursement 20 days/ year, this includes max. 10 days/ year for of
family care
- Additional pension plan
- 300 EUR for regeneration of work force via cafeteria system
- Wellbeing program – Psychological, Legal and Financial Councelling
- Family care program (subsidy for newborns, maternity leave, kindergardens, summer camps)
- Retention program (work anniversary, life anniversary, employee loans)
- Training and development program (business and product trainings, e-learning, language courses,
soft skills trainings,…)
- Adjustable standing desk as a standard
- Participation on world famous IT conferences like Microsoft IGNITE for best employees
- Wide project portfolio in healthcare domain and job rotation within company (Cybersecurity,
About the Role
For our client we are looking for a Lead Auditor with senior experience in ISO 27001, IT Security, ISO 9001, and Auditing (ISO 19011)
Responsibilities
- Act as a Lead Auditor alongside qualified Audit Teams.
- Develop, design, and execute IT Security Audits and Assessments ad-hoc and as per the global internal Audit Plan.
- Audit and Assess IT systems, controls, and procedures to ensure compliance with ISO 27001 requirements and company policies, identifying weaknesses or gaps in the implementation of IT controls and procedures in safeguarding information.
- Evaluate client´s IT Quality Management System (QMS), for compliance with, as applicable: ISO 9001, as well as applicable standards and guidance documents specific to the audit target. Knowledge of ISO 13485 and MDSAP would be an advantage.
- Develop Audit Reports/Presentations on findings to Auditees and communicating the results to (Senior) Management.
- Collaborate with IT teams to implement corrective actions and monitor progress towards achieving compliance objectives. Provide guidance and support to IT teams and stakeholders on implementing and maintaining IT security measures.
- Serve as an expert on applicable regulatory and internal requirements, their interpretation, and application.
- Accompany and support incoming audits/inspections, liaise with external auditors and counterparts in Business/Functions.
- Stay abreast of emerging IT security threats, vulnerabilities, and technologies to continuously improve the organization's security posture.
Requirements
- Have successfully completed studies in the fields of computer science, IT, economics, or a related discipline. Alternatively, possess several years of relevant professional experience or additional qualification in the field of Information Security or IT Security.
- Have proven experience in conducting Audits and Assessments of IT systems, controls, and procedures, specifically within the ISO 27001 framework, in the role as Auditor as well as Lead Auditor.
- Essential knowledge with ISO 9001, MDSAP, and desired ISO 13485
- Have in-depth knowledge of information security principles, best practices, and standards, with a focus on IT environments.
- Have strong analytical skills to identify risks, vulnerabilities, and weaknesses in IT processes and technologies.
- Have excellent communication and interpersonal skills to effectively interact with IT professionals and stakeholders.
- Be a motivated self-starter and be able to work independently and collaboratively in a fast-paced environment, managing multiple priorities effectively.
- Have a self-confident personality, experienced with communicating up to senior level management.
- Have a consultative mindset.
Nice to Have Skills
- Relevant certifications such as ISO 27001 Lead Auditor, CISA, CISSP, or CISM and ISO 9001 QMA.
- Familiarity with industry regulations and standards such as GDPR, NIST, SOC, or HIPAA.