Senior InfoSec Auditor (Spain, Remote)

View full description

Requirements:

• Thorough understanding of Common Criteria (ISO/IEC 15408), FIPS and its evaluation methodologies.
• Familiarity with Common Evaluation Methodology (CEM) and documentation such as Protection Profiles, Security Targets.
• In-depth knowledge of IT systems including hardware, software, and networks.
• Understanding of system architectures, components, and interactions.
• Ability to analyze technical specifications, designs, and system documentation.
• Previous experience in a similar role with a focus on Common Criteria audits.
• Effective communication skills across diverse teams in both verbal and written formats.
• Preferred industry certifications: CISSP, CISM, Common Criteria certification, CISA.

Responsibilities:

• Serve as the primary lead in evaluation and certification of IT products and systems.
• Evaluate product/system against specified evaluation assurance levels (EAL) to determine security compliance.
• Assess security features, design, implementation, and documentation through hands-on testing.
• Develop comprehensive audit plans defining scope, identifying security requirements, and determining EAL.
• Communicate audit progress, findings, and necessary corrective actions to product developers and stakeholders.