IT Auditor

TESTQ Technologies is an IT services and solutions company whose offerings spans over variety of industry sectors with strong technical, domain and process expertise helping clients grow their businesses and decrease operational costs on continuous basis in an ever-changing business environment.

This opportunity is in the solution design and development arena for IT Auditor who will play a major role in the technical design and development of the company’s technical offerings. The position is based at our Leicester office with occasional assignments at client locations.


Job Description (Main Duties and Responsibilities):

Plan, conduct, and report on IT audits, including infrastructure, applications, cybersecurity, and IT general controls (ITGCs).
Evaluate the design and operating effectiveness of controls related to access management, change management, data integrity, and system security.
Perform risk assessments on IT systems and contribute to the annual audit plan.
Review and test controls for compliance with SOX, ISO 27001, NIST, COBIT, PCI DSS, or other relevant frameworks.
Collaborate with IT and business units to understand system architecture, data flows, and operational processes.
Prepare detailed audit reports with clear findings, risks, and actionable recommendations.
Track remediation of audit findings and support follow-up assessments.
Work with external auditors and regulators during compliance reviews or financial audits.
Stay updated on emerging technologies, threats, and audit best practices.
Support audits of third-party vendors and cloud service providers for risk and compliance.

Key Skills, Qualifications and Experience Needed [The candidate must demonstrate these in all stages of assessment]

Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field.
3+ years of experience in IT auditing, information security, or risk management.
Strong understanding of ITGCs, cybersecurity frameworks, and industry standards.
Hands-on experience with tools such as ACL, Power BI, ServiceNow, Splunk, or GRC platforms.
Working knowledge of network infrastructure, databases, cloud platforms (AWS/Azure/GCP), and ERP systems (e.g., SAP, Oracle).
Familiarity with data privacy laws and regulatory requirements (e.g., GDPR, HIPAA, SOX).
Excellent written and verbal communication skills, with the ability to explain technical issues to non-technical stakeholders.
Strong analytical thinking, attention to detail, and organizational skills.
CISA (Certified Information Systems Auditor) — strongly preferred.
Other certifications such as CISSP, CRISC, CIA, CEH, or ISO 27001 Lead Auditor are a plus.
Familiarity with Agile environments, DevSecOps, or CI/CD auditing practices.
3–5+ years of experience in IT audit, technical compliance, cloud security, or cybersecurity operations.
Deep understanding of cloud architecture and security controls (AWS IAM, Security Groups, VPC, Azure RBAC, etc.).
Proficiency in reading and interpreting configuration files, scripts, or infrastructure-as-code (Terraform, CloudFormation).
Experience with SIEMs, EDR/XDR solutions, and network security appliances (e.g., Palo Alto, Cisco ASA).
Familiarity with identity and access management systems such as Okta, Azure AD, Duo, and PAM tools like CyberArk or BeyondTrust.
Strong knowledge of compliance frameworks and security standards (e.g., NIST, ISO, SOC 2, CIS, PCI-DSS).
Hands-on use of audit tools and vulnerability scanners (Tenable, Rapid7, Nessus).
Experience with SAST/DAST tools and reviewing security findings from code repositories (e.g., GitHub, GitLab). Read more