We’re BDO, a global network connected to local markets. Our people work together to provide specialist expertise, helping businesses achieve their goals and grow.
We inspire others, to go further. We create together, to reach higher. We build trust, to lead purposefully.
Whether you're building your future or starting your career – with us, you won’t do it alone. From creating solutions for our clients to building careers for our people, we shape what matters, and that’s where you come in.
Position: Specialist, Information Security Audit
The Specialist, Information Security Audit plays a key role within the Global Office Information Security Assurance function, supporting the Manager, Information Security Audit in delivering independent and objective assurance across BDO member firms. This role will work directly with the Manager, Information Security Audit and the Director, Information Security as primary stakeholders.
The individual will be responsible for planning and executing security audits, assessing the design and effectiveness of controls, and supporting the continuous improvement of global assurance methodologies across the BDO Network. The role requires prior experience in internal or external information security or IT audit, with strong familiarity in ITGCs, ISO 27001 controls, SOC 2 trust criteria, and security risk management.
Key accountabilities
Security Audit & Assurance Delivery
* Conduct end‑to‑end information security audits of BDO member firms, including scoping, fieldwork, control testing, reporting, and follow‑up.
* Perform design and operating effectiveness testing of security controls aligned to ISO 27001, SOC 2, NIST CSF, and internal controls framework requirements.
* Review IT and Security controls (risk management, access management, change management, operations, logging & monitoring, Incident Response, BCP/DR) in accordance with recognised assurance methodologies.
* Identify control deficiencies, root causes, and risks, to enable firms to developing pragmatic and risk‑based remediation actions.
* Support audit quality and consistency by applying standardised assurance frameworks and documentation practices.
Controls Effectiveness Testing
* Conduct thematic, deep‑dive, and targeted testing activities on specific domains (e.g., identity and access management, endpoint hardening, information protection, network security controls).
* Support continuous control monitoring initiatives by analysing data, reviewing control outputs, and validating control performance.
Stakeholder Engagement & Advisory
* Prepare and present audit findings, trends, and recommendations to senior stakeholders within the Global Office and across the member firm network.
* Provide subject‑matter input on internal audit methodologies, tools, and templates.
Operational Support
* Support the Manager, Information Security Audit with the refinement of assurance methodologies, testing scripts, and risk‑based assessment tools.
* Assist in maintaining the repository of audit evidence, reports, and follow‑up records.
Collaborate with cross-functional teams such as Global IT Security, Privacy, and Risk & Compliance.
Qualifications
* Bachelor’s degree in information security, IT, Computer Science, or related discipline.
* 3+ years of experience in internal audit, external audit, or IT assurance (e.g., Audit firm, IT audit teams, risk advisory).
* Strong understanding of internationally recognised frameworks (ISO 27001, SOC 2, COBIT, NIST CSF).
* Experience performing audit fieldwork, walkthroughs, evidence validation, and controls testing.
* Strong capability in writing reports and communicating risk and technical issues in clear business terms.
* Fluent written and spoken English. An ability to read and speak in another language would be beneficial but is not essential.
Preferred:
* Professional certifications such as CISA, ISO 27001 Lead Auditor, CIA, or equivalent.
* Experience with audit management tools or GRC platforms.
* Experience in federated or global organisations.
As a person you have:
* Strong analytical skills and professional scepticism.
* Ability to work independently and navigate complex environments.
* Excellent communication and relationship‑building skills.
* Proactive, structured, and detail‑oriented, with a strong commitment to audit quality.
Why BDO?
We inspire others, to go further
At BDO, your ideas matter. You’re encouraged to think beyond the expected, explore new possibilities, and shape your own path. Here, you can make a meaningful impact, on your career, on your community, and on the future we build together.
We create together, to reach higher
We’re a people‑powered organisation, united by our diverse strengths and shared ambition. You’ll join a collaborative global team that values your perspective, amplifies your ideas, and supports your growth. Through global connections, shared knowledge, and opportunities for mobility, you’ll be part of something bigger: creating solutions that matter.
We build trust, to lead purposefully
Your expertise drives real outcomes at BDO. You’ll be part of an organisation that is trusted, recognised, and respected worldwide. With a strong commitment to integrity, sustainability, and positive impact, you'll be empowered to lead with purpose, both in the work you deliver, and in the communities where you live and work.
Privacy statement
The BDO network is coordinated by Brussels Worldwide Services BV (BWS). By providing personal information during the application process, you consent to BWS processing your personal data for the purpose of treating your application, evaluating your candidacy, and contacting you about the position for which you have applied. We also may process your personal data to:
Evaluate you for any open positions throughout the BDO network.
Generate general statistics.
Inform you of any other job opportunities.
You also agree that we may share such data with BDO firms and service providers, if relevant to this job application.
BWS does not collect ‘sensitive’ personal information except when voluntarily provided by the candidate as part of the application.
If you voluntarily provide sensitive personal information as part of your application, you consent to the use of that information by BWS for legitimate business purposes and the transfer and storage of such information to and in BWS databases.