Wurth IT Malaysia Sdn. Bhd. Hiring! Full Time Information Security Auditor - Process - Compliance in Federal Territory - Ricebowl

About the Company

Würth IT is the internal IT service provider of the global Würth Group, a world market leader in fastening and assembly materials with operations in more than 80 countries. From Malaysia, Würth IT teams work as part of a global network, collaborating closely with international colleagues to deliver standardized, secure and reliable IT services that support business operations worldwide.

About the Role

In this role, you will be part of a global auditing team conducting information security and IT compliance audits across Würth Group companies worldwide. Your focus will be on assessing governance, documentation, security processes and the effectiveness of controls, while working closely with technical audit colleagues to build a comprehensive view of each audited environment. Based on your assessments, you will document findings, prepare clear audit reports and provide practical recommendations. The audits cover technical, physical and organizational security conditions and are aligned with established information security standards.

Responsibilities

• Plan, prepare and conduct IT compliance and information security audits for Würth Group companies globally
• Lead the process and compliance part of audits, including the review of organizational, physical and logical security controls, documentation and internal procedures
• Conduct interviews with stakeholders to assess control design, implementation and practical effectiveness during on-site and remote audits
• Evaluate compliance against internal policies, procedures and relevant information security standards
• Independently evaluate audit results, prioritize findings and develop practical recommendations, supported by clear and professional audit reporting
• Present findings and recommendations to audited entities in a clear and constructive manner
• Follow up on corrective actions and support the validation of remediation measures, reflecting common ISO/IEC 27001 auditor practice
• Work closely with colleagues responsible for the technical part of the audit to deliver a complete audit view
• Take ownership of assigned audit topics and contribute to the consistent application and further development of audit methods, templates and assessment standards

Qualifications

• Degree in Information Security, Computer Science, Business Administration, Business Law, Risk Management, or a comparable qualification
• At least 3 years of relevant professional experience in information security, IT audit, compliance, governance, risk, internal control, or a comparable area
• Good understanding of information security governance, risk management, policies, standards, and control frameworks
• Practical experience in auditing or assessing security processes, documentation, and control environments
• Familiarity with ISO/IEC 27001 / ISMS principles; experience in audit findings, corrective actions and maintaining conformity
• Professional certifications such as CISA, CISM, CISSP or ISO/IEC 27001 Lead Auditor are an advantage
• Strong analytical skills and the ability to assess issues independently and formulate practical recommendations
• Strong communication, coordination and stakeholder management skills, with the ability to work effectively in English within international, cross-functional teams; Mandarin language skills are an advantage.
• Willingness to travel internationally as required for audit assignments, typically around 25% of working time