Information Security Auditor

Do you want to join a growing team of top professionals who invest time and effort into teaching, career growth, and cultivating employees into the next generation of IT experts? You've come to the right place. Span is a Croatian IT company with a global reach specializing in high-quality information systems design and management services, as well as tech support for customers and enterprises. We're constantly improving, advancing, and adopting new trends, new skills, and new expertise, giving our employees virtually endless opportunities for professional development.  

As a result of higher demand and new growing businesses as well as customer requests in the fields of Governance, Risks and Compliance, we are looking for a Information Security Auditor to join us and strengthen our team.

As an Information Security Auditor you'll be responsible for assessing the effectiveness of business processes in organisations, control mechanisms, and information security measures in organizations across various industries worldwide. 

Join us and play a key role in uncovering vulnerabilities, optimizing security controls, and shaping safer digital environments across global industries.

What you'll do:

• Plan and conduct audits of business processes and control mechanisms related to information security
• Assess compliance with internal policies, procedures, and legal requirements (e.g., Cybersecurity Act)
• Analyse risks related to information protection
• Evaluate the effectiveness of measures protecting the confidentiality, integrity, and availability of information
• Identify weaknesses in the information security management systems and propose improvements
• Document findings, assess risk levels, and define recommendations
• Prepare audit reports and present the findings to relevant stakeholders

What we expect:

• 1+ years of working experience in audit (internal or external) or IT consulting
• Understanding the best practices of business process management and control frameworks
• Analytical, structured and detailed approach to work
• Ability to work in teams and on your own
• Excellent communication skills
• Proficiency in Word and Excel
• Knowledge of English

Skills that will bring you extra points:

• Knowledge of GDPR and regulatory frameworks
• Knowledge of ISO 27001, COBIT, NIST standards
• Professional certificates (e.g., ISO 27001 Lead Auditor/Implementer, CISA, CRISC) 

What's in it for you:

• Competitive salary according to your experience
• A business phone of your choice
• InHouse testing center - we are giving you an option of gaining professional certificates
• Mentor - no matter how much experience you've got, we will provide you with an adequate mentor
• Regular feedback on your performance and personalized career development plan
• Possibility to earn different types of bonuses
• Subvention of Multisport card or PassSport- not only brain workout is important
• Minimum of 25 vacation days
• Complete health checks- adjusted for men and women
• Psychological counseling- we care about your well-being
• Lunch and transportation compensations
• Benefits for children of employees