Audit Program Director
Listed on 2026-07-13
-
IT/Tech
Cybersecurity, Information Security, IT Business Analyst
The Nordic Audit Program Director will lead and actively execute the organization’s internal and external audit program across Information Technology and related business functions. This hands‑on role is responsible for managing the full audit lifecycle while directly performing key audit activities, including planning, evidence collection and review, coordination with auditors and internal stakeholders, tracking remediation efforts, and supporting control improvement initiatives.
Working alongside other team members and business partners, the Audit Program Director will ensure audit readiness, timely and effective audit execution, and strong accountability for addressing identified findings and strengthening the organization’s control environment.
- Lead and actively execute Nordic’s internal and external audit program across Information Technology and related business functions.
- Manage the full audit lifecycle, including audit planning, readiness activities, evidence collection, evidence review, auditor coordination, issue tracking, and remediation follow‑up.
- Directly participate in the execution of audits alongside internal team members and cross‑functional stakeholders, ensuring timely and accurate completion.
- Serve as the primary owner for internal, external, and certification audits and assessments related to Cyber Essentials, ISO/IEC 27001, HITRUST CSF, NIST‑based control assessments, and SOC2 examinations.
- Coordinate with internal and external auditors, assessors, certifying bodies, and business stakeholders to support successful audit execution and timely responses to requests.
- Develop, maintain, and improve audit procedures, standards, documentation, and evidence repositories to support repeatable and efficient audit performance.
- Assess the design and operating effectiveness of controls and identify opportunities to strengthen Nordic’s control environment, compliance posture, and operational maturity.
- Track audit findings, observations, and remediation activities through closure, while driving accountability across technical and business teams.
- Partner closely with Information Security, Infrastructure, Compliance, Privacy, Legal, and operational teams to ensure alignment of audit activity with organizational priorities and obligations.
- Support ongoing control maturity and audit readiness efforts through gap assessments, internal reviews, process improvement initiatives, and policy or control enhancement recommendations.
- Prepare clear and concise audit status updates, findings summaries, risk insights, and remediation progress reports for leadership and key stakeholders.
- Monitor changes in relevant regulatory, certification, and assurance requirements and help translate those changes into audit and control program updates.
- Promote a culture of accountability, transparency, and continuous improvement in support of Nordic’s risk management and assurance objectives.
- Bachelor’s degree in information technology, cybersecurity, risk management, business, or related field, or equivalent work experience.
- 15+ years of progressive experience in audit, cybersecurity, compliance, risk management, or information security roles, with experience leading and directly executing audit activities.
- Demonstrated experience managing and performing internal and external audits across cybersecurity, compliance, and control frameworks.
- Strong working knowledge of Cyber Essentials, ISO/IEC 27001, HITRUST CSF, NIST Cybersecurity Framework (CSF) 2.0, and SOC2 / Trust Services Criteria audits and assessments.
- Experience coordinating with external auditors, certification bodies, assessors, and internal stakeholders in support of successful audit and certification outcomes.
- Proven ability to assess control design and operating effectiveness, identify gaps, and drive remediation efforts through closure.
- Strong understanding of IT general controls, cybersecurity controls, risk management practices, and audit evidence requirements.
- Ability to work hands‑on in audit execution, including planning, evidence gathering, documentation review, issue tracking, and follow‑up activities.
- Strong…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).