Job Description

Reference: TQ2425_2136_440

Vacancy: 1

Location: Leicester

Job Purpose:

TESTQ Technologies is an IT services and solutions company whose offerings spans over variety of industry sectors with strong technical, domain and process expertise helping clients grow their businesses and decrease operational costs on continuous basis in an ever-changing business environment.


This opportunity is in the solution design and development arena for

IT Auditor

who will play a major role in the technical design and development of the company's technical offerings. The position is based at our Leicester office with occasional assignments at client locations.

(Main Duties and Responsibilities):

Plan, conduct, and report on

IT audits

, including infrastructure, applications, cybersecurity, and IT general controls (ITGCs). Evaluate the design and operating effectiveness of controls related to

access management, change management, data integrity, and system security

. Perform risk assessments on IT systems and contribute to the annual audit plan. Review and test controls for compliance with

SOX

,

ISO 27001

,

NIST

,

COBIT

,

PCI DSS

, or other relevant frameworks. Collaborate with IT and business units to understand system architecture, data flows, and operational processes. Prepare detailed audit reports with clear findings, risks, and actionable recommendations. Track remediation of audit findings and support follow-up assessments. Work with external auditors and regulators during compliance reviews or financial audits. Stay updated on emerging technologies, threats, and audit best practices. Support audits of third-party vendors and cloud service providers for risk and compliance.

Key Skills, Qualifications and Experience Needed [The candidate must demonstrate these in all stages of assessment]

Bachelor's degree in Information Systems, Computer Science, Accounting, or related field. 3+ years of experience in IT auditing, information security, or risk management. Strong understanding of ITGCs, cybersecurity frameworks, and industry standards. Hands-on experience with tools such as ACL, Power BI, ServiceNow, Splunk, or GRC platforms. Working knowledge of network infrastructure, databases, cloud platforms (AWS/Azure/GCP), and ERP systems (e.g., SAP, Oracle). Familiarity with data privacy laws and regulatory requirements (e.g., GDPR, HIPAA, SOX). Excellent written and verbal communication skills, with the ability to explain technical issues to non-technical stakeholders. Strong analytical thinking, attention to detail, and organizational skills.

CISA (Certified Information Systems Auditor)

-- strongly preferred. Other certifications such as

CISSP, CRISC, CIA, CEH, or ISO 27001 Lead Auditor

are a plus. Familiarity with

Agile environments

, DevSecOps, or CI/CD auditing practices. 3-5+ years of experience in IT audit, technical compliance, cloud security, or cybersecurity operations. Deep understanding of

cloud architecture and security controls

(AWS IAM, Security Groups, VPC, Azure RBAC, etc.). Proficiency in reading and interpreting

configuration files, scripts

, or

infrastructure-as-code

(Terraform, CloudFormation). Experience with

SIEMs, EDR/XDR solutions

, and network security appliances (e.g., Palo Alto, Cisco ASA). Familiarity with

identity and access management

systems such as

Okta, Azure AD, Duo

, and

PAM tools

like CyberArk or BeyondTrust. Strong knowledge of

compliance frameworks and security standards

(e.g., NIST, ISO, SOC 2, CIS, PCI-DSS). Hands-on use of

audit tools

and

vulnerability scanners

(Tenable, Rapid7, Nessus). Experience with

SAST/DAST tools

and reviewing security findings from code repositories (e.g., GitHub, GitLab).

Other Key skills:

Good analytical and Problem-solving skills Good communication skills A thorough approach and Self starter Focus on quality and delivery Working together in teams Leadership and effective decision making Flexible Attitude

Qualifications: Bachelor's degree or above in the UK or Equivalent.

Salary: GBP 42000 to 55000 per annum

Published Date: 1st August 2025

Closing Date: 30th August 2025

Evaluation: CV Review, Technical Test, Personal and Technical Interview and References

Job Type: Full-time, Permanent [Part time and Fixed Term option is available]

*