NTT

Senior Security Auditor

NTT

full-time

Posted on:

Location Type: Office

Location: HanoiVietnam

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

About the role

  • Provide senior-level audit program operations and security assurance support for a global security audit program
  • Own day-to-day operations of the global supply chain security audit program, ensuring overall quality control and adherence to customer requirements
  • Maintain and continuously update the audit calendar; coordinate scheduling with internal stakeholders and third‑party partner sites (e.g., contract manufacturers)
  • Plan and execute on-site or virtual audits as required; manage audit logistics, evidence requests, meeting agendas, and pre-audit readiness activities
  • Assess partner-site network topology and configuration against defined security requirements; document gaps, risks, and recommendations
  • Produce high-quality audit reports, including findings, severity/risk rationale, and Corrective Action Plans (CAP) where applicable
  • Review submitted audit results (from internal/partner contributors) for accuracy, completeness, and quality; drive rework where needed
  • Track remediation actions and open items; coordinate with audit teams and partner-site IT teams to drive timely closure of security gaps and remediation bugs
  • Upon request, conduct supply-chain related data security risk assessments and provide written reports with mitigation recommendations; may include mock ISMS/ISO 27001 readiness audits
  • Support planning and coordination for new security implementations (e.g., kick-off coordination, golden image rollouts, authentication updates) by aligning stakeholders, timelines, and required actions
  • Develop slide decks and support kick-off and executive update presentations for partner sites and program stakeholders
  • Provide light security operations coordination support (e.g., triage and reassignment of EDR detection tickets to partner sites; follow up on remediation status)
  • Deliver regular operational reporting (weekly/monthly/quarterly and as required) including progress updates, current status, KPIs, insights, and analysis
  • Prepare operational forecasts (weekly/monthly/quarterly/bi-annual/annual) with assumptions and risk/opportunity assessments, delivered in advance of each reporting period
  • Serve as a country or site lead point of contact when assigned; manage stakeholder communications and escalation paths effectively
  • Maintain strict confidentiality of customer and site information; adhere to customer and site IT policies and procedures

Requirements

  • 6–10+ years of experience in security auditing, security assurance, GRC, or security assessments
  • Experience with third‑party/vendor or supply-chain audits is highly preferred
  • Demonstrated experience running audit program operations: scheduling, readiness, evidence management, reporting, CAP creation, and remediation tracking to closure
  • Working knowledge of ISO/IEC 27001 (ISMS) and common security control domains; ability to perform readiness reviews and control mapping
  • Solid understanding of enterprise networks and security fundamentals to review network topology/configuration and identify control gaps
  • Strong stakeholder management and communication skills; able to engage with cross-functional internal teams and partner-site IT teams across geographies
  • Excellent written English skills with proven ability to produce structured audit reports, executive summaries, KPIs, and forecasts
  • Comfortable working across time zones and managing multiple sites/workstreams; highly organized and detail-oriented
  • Willingness and ability to travel domestically and internationally as required
  • Preferred Certifications (Nice to Have): CISA, CISSP, ISO/IEC 27001 Lead Auditor/Lead Implementer (or equivalent).
  • Additional relevant certifications in risk management, audit, or security frameworks are advantageous.
Benefits
  • Equal Opportunity Employer
  • Global culture that embraces diversity
  • Environment free of unfair discrimination and harassment
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
security auditingsecurity assuranceGRCsecurity assessmentsaudit program operationsISO/IEC 27001network topologyevidence managementremediation trackingrisk assessments
Soft Skills
stakeholder managementcommunication skillsorganizational skillsdetail-orientedcross-functional collaborationwritten English skillstime managementproblem-solvingpresentation skillsconfidentiality
Certifications
CISACISSPISO/IEC 27001 Lead AuditorISO/IEC 27001 Lead Implementerrisk management certificationsaudit certificationssecurity framework certifications