Senior Security Auditor
Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive.
Your day at NTT DATA
Provide senior-level audit program operations and security assurance support for a global security audit program. The role focuses on coordinating and executing on-site/virtual audits, reviewing audit outputs for quality, maintaining audit calendars, tracking corrective actions (CAP) and remediation closure with third‑party partner sites, and producing operational reporting and forecasts in customer-preferred formats. The scope is advisory/assurance and coordination; technical implementation and remediation delivery are out of scope.
Key Responsibilities:
- Own day-to-day operations of the global supply chain security audit program, ensuring overall quality control and adherence to customer requirements.
- Maintain and continuously update the audit calendar; coordinate scheduling with internal stakeholders and third‑party partner sites (e.g., contract manufacturers).
- Plan and execute on-site or virtual audits as required; manage audit logistics, evidence requests, meeting agendas, and pre-audit readiness activities.
- Assess partner-site network topology and configuration against defined security requirements; document gaps, risks, and recommendations.
- Produce high-quality audit reports, including findings, severity/risk rationale, and Corrective Action Plans (CAP) where applicable.
- Review submitted audit results (from internal/partner contributors) for accuracy, completeness, and quality; drive rework where needed.
- Track remediation actions and open items; coordinate with audit teams and partner-site IT teams to drive timely closure of security gaps and remediation bugs.
- Upon request, conduct supply-chain related data security risk assessments and provide written reports with mitigation recommendations; may include mock ISMS/ISO 27001 readiness audits.
- Support planning and coordination for new security implementations (e.g., kick-off coordination, golden image rollouts, authentication updates) by aligning stakeholders, timelines, and required actions.
- Develop slide decks and support kick-off and executive update presentations for partner sites and program stakeholders.
- Provide light security operations coordination support (e.g., triage and reassignment of EDR detection tickets to partner sites; follow up on remediation status).
- Deliver regular operational reporting (weekly/monthly/quarterly and as required) including progress updates, current status, KPIs, insights, and analysis.
- Prepare operational forecasts (weekly/monthly/quarterly/bi-annual/annual) with assumptions and risk/opportunity assessments, delivered in advance of each reporting period.
- Serve as a country or site lead point of contact when assigned; manage stakeholder communications and escalation paths effectively.
- Maintain strict confidentiality of customer and site information; adhere to customer and site IT policies and procedures.
Qualifications and Experience:
- 6–10+ years of experience in security auditing, security assurance, GRC, or security assessments; experience with third‑party/vendor or supply-chain audits is highly preferred.
- Demonstrated experience running audit program operations: scheduling, readiness, evidence management, reporting, CAP creation, and remediation tracking to closure.
- Working knowledge of ISO/IEC 27001 (ISMS) and common security control domains; ability to perform readiness reviews and control mapping.
- Solid understanding of enterprise networks and security fundamentals to review network topology/configuration and identify control gaps.
- Strong stakeholder management and communication skills; able to engage with cross-functional internal teams and partner-site IT teams across geographies.
- Excellent written English skills with proven ability to produce structured audit reports, executive summaries, KPIs, and forecasts.
- Comfortable working across time zones and managing multiple sites/workstreams; highly organized and detail-oriented.
- Willingness and ability to travel domestically and internationally as required.
Preferred Certifications (Nice to Have):
- CISA, CISSP, ISO/IEC 27001 Lead Auditor/Lead Implementer (or equivalent).
- Additional relevant certifications in risk management, audit, or security frameworks are advantageous.
About NTT DATA
NTT DATA is a $30+ billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world’s leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services. Our consulting and industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is part of NTT Group, which invests over $3 billion each year in R&D.
Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.
Third parties fraudulently posing as NTT DATA recruiters
NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an @nttdata.com email address. If you suspect any fraudulent activity, please contact us.