Associate Principal

ROLE PURPOSE

Perform and support risk‑based information security audits covering cybersecurity, access controls, data privacy, and protection of sensitive data; contribute to providing independent assurance and advisory services to enhance governance, control effectiveness, and overall security posture.

• Risk-Based Planning & Prioritization
• Define and execute the Information Security audit plan covering cybersecurity, access controls, and protection of sensitive data.
• Evaluate and prioritize security‑related risks and determine high‑priority audit engagements for execution.
• Security Assurance & Advisory
• Provide assurance and consultancy on information security governance, policies, procedures, and regulatory compliance.
• Recommend improvements to information security controls to address vulnerabilities and strengthen defense mechanisms.
• Provide reasonable assurance for compliance with applicable security standards to ensure data confidentiality, integrity, and availability.
• Threat‑Led Testing & Technical Assessments
• Conduct or oversee compromise assessment and penetration testing activities to evaluate the effectiveness of existing security defenses, detect potential breaches, and validate remediation efforts.
• Conduct formal audits and gap assessments against national, regional, and industry security standards.
• Privacy, Data Governance & AI Ethics
• Audit data privacy, governance, and protection mechanisms to ensure adherence to applicable laws and internal policies.
• Evaluate the AI lifecycle from data acquisition to deployment to ensure fairness, transparency, and compliance with ethical and regulatory requirements.
• Assess controls that influence user trust, service reliability, and the organization’s overall security posture.
• Follow‑Up & Performance Metrics
• Monitor implementation of information security‑related corrective actions to ensure timely and effective resolution.
• Develop and review periodic information security audit metrics to monitor performance, risk coverage, and control effectiveness.
• Special Assignments & Reporting
• Perform special security‑related audit assignments based on management requests.
• Issue concise reports with risk‑ranked findings, root causes, and actionable recommendations; brief management/committee.
• Policies, Processes & Procedures
• Follow all relevant departmental policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.
• Comply with all relevant safety, quality and environmental management policies, procedures and controls to ensure a healthy and safe work environment.
• Information Security
• Ensure the implementation of various information Security practices and standards to ensure compliance with relevant policies and the protection of ELM data and information.