Lead Auditor
Listed on 2026-03-01
IT/Tech
Cybersecurity, Information Security, IT Consultant, Data Security
- Work Location: Various Work Locations USA, Glendale, AZ, Houston, TX, Reston, VA
- Salary Range: $105,000 - $160,200 annually (Determined by function, education, experience, and qualifications of the applicant.)
Since 1898, we have helped customers complete more than 25,000 projects in 160 countries on all seven continents that have created jobs, grown economies, improved the resiliency of the world's infrastructure, increased access to energy, resources, and vital services, and made the world a safer, cleaner place.
Differentiated by the quality of our people and our relentless drive to deliver the most successful outcomes, we align our capabilities to our customers' objectives to create a lasting positive impact. We serve the Infrastructure; Nuclear, Security & Environmental; Energy; Mining & Metals, and the Manufacturing and Technology markets. Our services span from initial planning and investment, through start-up and operations.
The Bechtel Information Security & Compliance team is seeking a passionate and enthusiastic lead internal auditor who is very familiar with ISO 27001 certification and auditing processes and has demonstrated experience assessing compliance with the ISO standard as well as internal policies and procedures. The successful candidate will be responsible for leading and managing internal audit activities and providing valuable insights to improve Bechtel's information security management system. Applicants should have excellent communication skills and a thorough understanding of information security risks as they relate to I&D business, viewing security holistically, applying risk management intelligently, using creative problem-solving techniques, and the ability to work successfully with multidisciplinary teams.
- Lead and manage ISO 27001 internal audit activities, including planning, execution and reporting.
- Lead a team of auditors across the globe, ensuring effective coordination and collaboration.
- Communicate regularly with corporate information security management team to ensure alignment of audit methodology and schedule.
- Plan and conduct ISO 27001 internal compliance audits, document audit reports, review completion of corrective actions and verify closure of audit findings.
- Conduct information security technical compliance reviews and recommend improvements to operational processes and/or information security controls.
- Evaluate effectiveness of internal risk management processes and risk treatment mitigations.
- Establish strong partnership with internal stakeholders to ensure compliance with regulatory or contractual requirements, and corporate policies and procedures.
- Collaborate with multidisciplinary teams to address audit findings, implement corrective actions and/or changes to information security controls.
- Prepare and present audit reports to senior management.
- Provide ISO 27001 consultation to information security management team.
- Develop policies and procedures on internal audit processes.
- Maintain auditability and present evidence of internal audit activities during ISO 27001 external audits.
- Establish and maintain effective internal audit compliance dashboard.
- Assist with external audit processes and internal investigations as needed.
- Travel to Bechtel offices and jobsites as needed.
- BS in a computer related field or 10 years of equivalent IT work experience.
Skills:
- Minimum 2 years ISO 27001 auditing experience.
- Strong information security background, with demonstrable understanding of security frameworks and standards.
- Strong knowledge of internal control frameworks and risk management principles.
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills.
- Knowledgeable in 4 or more of the security domains listed below:
  - Information Security Governance and Management
  - Network Security Operations
  - Security Architectures
  - System Development Lifecycle
  - NIST, DOD and Risk Management Framework
  - Confidential Unclassified Information (CUI)
  - Identity and Access Management
  - Disaster Recovery and Business Continuity
- Experience with industry standards, guidelines and regulatory/compliance requirements related to information security such as Cloud Security Alliance (CSA), NIST Cybersecurity Framework (CSF) and Special Publication (SP) 800-series, PCI DSS, SOC2, etc.
- Ability to work independently and manage multiple projects simultaneously.
- Proficiency in ServiceNow Governance, Risk and Compliance (GRC) module.
- Experience writing business and audit reports and delivering presentations at various management levels.
- CISM, CISA, CISSP, PMP or Prince2 certifications a plus.
For decades, Bechtel has worked to inspire the next generation of employees and beyond! Because our teams face some of the world's toughest challenges, we offer robust benefits to ensure our people thrive. Whether it is advancing careers, delivering…