Security Auditor

Company Description**
SGS Brightsight provides clients with security certification on products and systems. Our job is to ensure the security functionality and robustness of the design within a product and its connected systems. The Security Audit will plan and conduct audits to assess the compliance of customer products, web services, life cycle, sites and cloud configurations to different standards including Common Criteria, ISO 62443 or Digital Trust Label (DTL). You will have an understanding or background in the Cyber Security Domain, especially the life cycle and implementation of secure solutions.**

Job Description**
The Security Auditor will plan and conduct audits to assess the compliance of customer products, web services, life cycle, sites and cloud configurations to different standards including Common Criteria, ISO 62443 or Digital Trust Label (DTL). You will have an understanding or background in the Cyber Security Domain, especially the life cycle and implementation of secure solutions.**
**More specifically, you will**:

- Prepare and execute security audits of customer products, services, life cycle and sites based on different standards;
- Evaluate the overall lifecycle of a product from design, through implementation and through to production, delivery and usage;
- Assess the secure implementation and data privacy compliance of solutions and services;
- Collect and document evidence based on documents, interviews or site visits;
- Perform qualitative and quantitative results analysis;
- Travel to customer sites when required.

**Qualifications**:
You will have a background in some (if not all) of the following areas and will be trained to use your skills in a different way:

- Educated to degree level in Information Management, Information Security, IT Business management or a similar field;
- Proven work experience in IT security, Information Security and security auditing;
- Qualitative and quantitative analytical skills;
- System design knowledge;
- Knowledge of physical, logical and organizational security measures;
- Knowledge of secure life-cycles;
- Experience with security standards as ISO 27001/2, ISO 22301 and ISO 62443;
- Data Privacy and GDPR know-how.

Additional Information**
This position will be based at our lab in Graz.