IT Auditor

We are looking for an IT Security Assessor for our client in the pharma industry

Key responsibilities:

• Evaluate the information security program, policies, and governance of acquired company against the client's security requirements.
• Ensure alignment with frameworks (NIST, ISO 27001, CIS) and regulatory requirements (GDPR, HIPAA, etc.).

Sample activities/tasks:

• Assess network topology, cloud environments, and data centres.
• Identify legacy systems, unsupported software, and insecure configurations.
• Identify known breaches, incidents, or ongoing threats.
• Verify compliance with industry regulations.
• Check for outstanding audit findings or unresolved compliance gaps.
• Review vendor contracts and security requirements.
• Assess exposure from third-party integrations and shared data.
• Evaluate data classification, encryption, and retention policies.
• Check for risks related to PII, PHI, or intellectual property.
• Review user provisioning, privileged access controls, and MFA adoption.
• Identify risks of orphaned accounts or excessive permissions.
• Assess incident response plans and disaster recovery capabilities.
• Verify backup integrity and ransomware resilience.
• Review existing cyber insurance coverage and exclusions (if any in-place).
• Identify gaps that could impact post-integration risk.
• Evaluate security awareness programs and overall security culture.
• Identify potential challenges in integrating security teams and processes.

Scope of Authority

• Independence and proactivity should always be demonstrated when prioritising planning and performing tasks.

Other areas of responsibility

• The IT Security Assessor must be security trained and prepared to co-operate in teams and groups within and outside the acquired company and client.

Communication and Stakeholder interaction

Key stakeholders
and
Type of communication:

Internal stakeholders are e.g.:

• List to be shared after agreement signed.

• Drive security assessment and communicate potential high risks as they become known. Sharing early observations to allow quick remediation of critical issues.

• Collect and present a combined assessment overview.
• Direct communication with acquired company for information security gathering and validation.
• Use secure channels for sensitive data exchange.
• Building relationship and trust.

External stakeholders are e.g.:

• Suppliers and third parties

• If needed, interview or take part in information gathering and reconnaissance process with external parties (vendors, authorities etc.).

Innovation and change

Capable of identifying problems, security risk and relevant issues and assessing these using standard procedures according to security frameworks.

Geographic responsibility:

The job is based in US-West, San Francisco CA.

Knowledge, skills and experience:

Education
:

• Relevant bachelor's or master's degree

Experience:

• IT proficiency and skilled within Security Assessment, Security Audit, and other relevant cybersecurity domains, including risk analysis, compliance evaluation, vulnerability management, and advisory on best practices for securing IT infrastructure.

Required skills

advisory on best practices for securing IT infrastructure

security trained

Risk Analysis

compliance evaluation

Vulnerability Management

Security Assessments

Security Audit

Languages

• English (Proficient)