Isms Lead Auditor Jobs (NOW HIRING)

Security Compliance Manager

Boston, MA · Remote

$140K - $170K/yr

Lead security certification & audit readiness (ISO 27001 / SOC 2): Drive quarterly ISO control ... Manage internal ISMS control reviews, coordinate remediation and corrective actions, and ensure ...

... System (ISMS), and CMMI-DEV Level 3" The Federal Financial Specialist serves as a member of a ... Auditing, Accounting and/or Financial Management Experience executing DoD operations and business ...

Security Consulting Knowledgeable about the ISMS; Provides advice and guidance about Security ... auditing, Identity Access Management Participate in solution architecture design; lead security ...

Cyber Security Analyst

Wixom, MI · On-site

$70K - $90K/yr

Work closely with external auditors to implement necessary security controls based on audit ... Regularly review logs to detect anomalies or potential security threats that could lead to security ...

Isms Lead Auditor information

Salary details: $32.5K · $102.9K · $147K

How much do isms lead auditor jobs pay per year?

As of Jun 11, 2026, the average yearly pay for isms lead auditor in the United States is $102,886.00, according to ZipRecruiter salary data. Most workers in this role earn between $80,500.00 and $132,500.00 per year, depending on experience, location, and employer.

Is ISO 27001 Lead Auditor worth it?

ISO 27001 Lead Auditor certification is valuable for information security professionals, as it demonstrates expertise in auditing and managing information security management systems (ISMS). It can enhance job prospects, increase earning potential, and is often required for roles involving compliance and risk management. The certification also provides knowledge of audit processes, standards, and tools used in information security environments.

What are some common challenges faced by ISMS Lead Auditors during internal audits, and how can they be addressed?

ISMS Lead Auditors often encounter challenges such as resistance to change from staff, incomplete documentation, and varying levels of security awareness across departments. Addressing these issues requires strong communication and interpersonal skills to build trust, thorough preparation to understand the organization's processes, and the ability to provide constructive feedback. Proactively engaging stakeholders and offering clear explanations of ISO 27001 requirements can help foster cooperation and ensure a smoother audit process.

What is the salary of Lead Auditor in ISMS?

The salary of an ISMS Lead Auditor typically ranges from $70,000 to $120,000 annually, depending on experience, certifications such as ISO 27001 Lead Auditor, and geographic location. Senior auditors with extensive expertise and certifications tend to earn higher salaries in this role.

How much do ISO 27001 auditors get paid?

ISO 27001 auditors typically earn between $60,000 and $120,000 annually, depending on experience, certification level, and geographic location. Lead auditors with extensive experience and certifications tend to earn higher salaries, especially when working for large organizations or consulting firms.

How much does a Lead Auditor charge for ISO 27001?

Lead Auditors for ISO 27001 typically charge between $1,000 and $3,000 per day, depending on experience, location, and the complexity of the audit. The total cost for an organization can range from $5,000 to over $20,000 for a full certification audit, which includes preparation, on-site assessment, and reporting. Fees may also vary based on whether the auditor is independent or part of a consulting firm.

What is an ISMS Lead Auditor?

An ISMS Lead Auditor is a professional responsible for assessing and evaluating an organization's Information Security Management System (ISMS) to ensure it meets established standards, such as ISO/IEC 27001. They plan, lead, and report on audits to determine if information security controls are effectively implemented and maintained. ISMS Lead Auditors also provide recommendations for improvement and ensure compliance with regulatory and contractual requirements. Their role is crucial in helping organizations protect sensitive information and manage security risks.

What is the difference between Isms Lead Auditor vs Isms Auditor?

| Aspect | Isms Lead Auditor | Isms Auditor |
| --- | --- | --- |
| Certifications | ISO 27001 Lead Auditor, ISO 45001 Lead Auditor | ISO 27001 Auditor, ISO 45001 Auditor |
| Work Environment | Leads audit teams, manages audit planning, reports | Conducts audits, gathers evidence, reports findings |
| Employer & Industry | Consulting firms, large organizations, certification bodies | Organizations seeking certification, internal audit teams |

The main difference between an Isms Lead Auditor and an Isms Auditor lies in their responsibilities. The Lead Auditor oversees the entire audit process, manages teams, and ensures compliance, while the Auditor performs the actual audits and reports findings. Both roles require similar certifications but differ in scope and leadership duties.

What are the key skills and qualifications needed to thrive as an ISMS Lead Auditor, and why are they important?

To excel as an ISMS Lead Auditor, you typically need in-depth knowledge of information security management systems, audit methodologies, and relevant standards like ISO/IEC 27001, supported by certifications such as ISO 27001 Lead Auditor. Familiarity with audit management tools, risk assessment software, and compliance tracking systems is commonly required. Strong analytical thinking, attention to detail, and effective communication help auditors identify gaps and convey findings clearly to stakeholders. These skills ensure rigorous, credible audits that protect organizational data and maintain compliance with international security standards.

More about Isms Lead Auditor jobs

What are the most commonly searched types of Isms Lead Auditor jobs? The most popular types of Isms Lead Auditor jobs are:

Infographic showing various Isms Lead Auditor job openings in the United States as of June 2026, with employment types broken down into 16% As Needed, 19% Full Time, 9% Temporary, and 56% Contract. It highlights a 92% Physical, 3% Hybrid, and 5% Remote job distribution, with an average salary of $102,886 per year, or $49.5 per hour.

IT Security Lead - Risk Management

Owens Corning

Toledo, OH • On-site

Full-time

Posted 23 days ago

Owens Corning rating: 8.0 out of 10, based on 97 frontline employees who took The Breakroom Quiz; 132nd of 518 rated manufacturers.

Job description

PURPOSE OF THE JOB
The IT Security Lead - Risk Management is a critical member of the Owens Corning Global Information Services (GIS) Security team. This role supports the Governance, Risk, and Compliance (GRC) function by executing cybersecurity governance activities, performing risk assessments, maintaining security policies and standards, supporting audits, and enabling compliance across the enterprise.
This role has global responsibility for identifying, analyzing, documenting, and communicating cybersecurity risks and control gaps in support of the cybersecurity risk framework. Strong analytical skills are required to assess complex environments, identify emerging risks and inconsistencies, and translate findings into clear, actionable guidance for risk owners and leadership.
The IT Security Lead - Risk Management also supports cybersecurity compliance activities across projects, programs, facilities, and business functions. This role manages information security communications, including policies, standards, and related requirements, ensuring updates are documented, approved, and communicated in alignment with governance expectations.
Success in this role requires comfort operating in a fast-paced environment, managing multiple priorities, and adjusting to changing business needs. Curiosity, integrity, honesty, and strong attention to detail are essential, particularly when working with regulatory requirements, audit evidence, risk documentation, and enterprise reporting.
Reports to: IT Security Leader - Governance, Risk and Compliance
Span of Control: Individual Contributor
JOB RESPONSIBILITIES
Knowing Our Businesses and their Strategies
  • Maintain strong awareness of evolving security standards, regulatory requirements, and industry best practices, and assess their impact on organizational risk posture and compliance obligations.
  • Enable effective governance and audit readiness for Business Continuity and Disaster Recovery (BCP/DR) controls, aligned with information security, incident response, and compliance requirements.
  • Identify opportunities to align security and compliance initiatives with strategic business programs (e.g., digital transformation, AI adoption, operational resilience), ensuring security is embedded as a business enabler rather than a constraint.
  • Provide governance support for AI and machine-learning capabilities by maintaining and evolving security, governance, and responsible-AI policies aligned to enterprise objectives; executing AI security and risk assessments to identify control gaps and emerging risks; coordinating with Legal, Privacy, and business stakeholders to ensure alignment with regulatory, ethical, and compliance expectations; and continuously monitoring regulatory developments, industry trends, and emerging risks to inform and strengthen governance practices.

Executing Strategy
  • Support enterprise cybersecurity governance and compliance efforts, including development and maintenance of information security policies, standards, procedures, and ISO 27001 ISMS documentation.
  • Perform compliance and assurance activities, including internal control reviews and external audit coordination.
  • Perform information security risk assessments in accordance with the cybersecurity risk framework.
  • Identify control gaps, weaknesses, and emerging risks, and document findings clearly and consistently.
  • Support risk owners with analysis, impact statements, and documentation.
  • Track and report risk remediation activities and status.
  • Execute third-party security assessments aligned with vendor risk management processes.
  • Document vendor risks, control gaps, and remediation actions.
  • Maintain vendor risk documentation and audit evidence.
  • Draft, review, and maintain information security policies, standards, procedures, and guidelines.
  • Ensure policies align with ISO 27001, regulatory requirements, and internal governance standards.
  • Perform ongoing control testing and monitoring activities.
  • Track audit findings, remediation activities, and evidence closure.

Influencing in the Function
  • Collaborate with cross-functional partners to support security and compliance requirements.
  • Partner with Internal Controls, Internal Audit, and external auditors to provide evidence, documentation, and subject matter expertise.
  • Engage with application and system owners to assess control effectiveness and document risk posture.
  • Communicate findings clearly, distinguishing between required controls and best-practice recommendations.
  • Prepare accurate, well-articulated reports on ISMS status, assessment results, and compliance metrics.
  • Support documentation, publication, and communication of approved policy and control changes.
  • Promote a culture of accountability, transparency, and continuous improvement within information security.

Developing Talent
  • Support security awareness activities related to policy understanding and adherence.
  • Mentor and coach team members to build information security knowledge, risk awareness, and governance capabilities.
  • Share knowledge with a broader audience through training sessions, forums, and cross-functional engagements on information security topics.
  • Proactively communicate security expectations, emerging risks, and best practices to drive awareness and adoption across the organization.
  • Identify opportunities to improve documentation quality, assessment consistency, and governance processes while enabling team learning and growth.

JOB REQUIREMENTS
MINIMUM QUALIFICATIONS
  • Bachelor's degree in Computer Science, Information Systems, or Information Technology; equivalent experience may be considered in lieu of a degree
  • 5+ years of information security experience
  • 3+ years supporting governance, risk, and compliance functions

KNOWLEDGE, SKILLS AND ABILITIES
  • Strong understanding of project and operational execution in complex environments, with a hands-on, delivery-focused approach
  • Strong knowledge of security controls, data classification, regulatory requirements, and privacy standards, including working knowledge of ISO 27001
  • Excellent analytical, documentation, and problem-solving skills, with the ability to translate risks into clear, actionable controls and audit evidence
  • Proven ability to build trust and work effectively across a highly matrixed, global organization, engaging stakeholders with varying levels of technical expertise
  • Proven ability to manage multiple priorities with strong attention to detail
  • Excellent communication, organizational, and interpersonal skills
  • Self-starter with curiosity and a continuous improvement mindset
  • Service-oriented professional with high personal standards and accountability
  • Working knowledge of AI governance, responsible AI principles, and emerging regulatory considerations, with the ability to translate evolving risks into practical security and compliance frameworks
  • Experience supporting business continuity, disaster recovery, or operational resilience initiatives from a security or compliance perspective
  • Demonstrated ability to distinguish between mandatory security requirements and best practices, and clearly articulate that distinction
  • Ability to travel up to 10%, domestically

About Owens Corning
Owens Corning is a branded building products leader with three complementary market-leading businesses providing roofing, insulation, and doors primarily for residential markets in North America and Europe. The company operates with an integrated go-to-market strategy and a unique set of OC Advantages™ - including its iconic brand, unparalleled commercial strength, leading technology, and winning cost position - to help customers win and grow in the market. Owens Corning is committed to helping build better and achieve more through winning partnerships, leading performance, and engaging people. Founded in 1938 and headquartered in Toledo, Ohio, Owens Corning is listed on the New York Stock Exchange (NYSE: OC). For more information, visit www.owenscorning.com.
Owens Corning is an equal opportunity employer. Except in limited circumstances such as formal apprenticeship programs, Owens Corning does not employ anyone under the age of 18.

About OWENS CORNING

Sourced by ZipRecruiter

Owens Corning (OC) develops, manufactures and markets insulation, roofing, and fiberglass composites. Global in scope and human in scale, the company's market-leading businesses use their deep expertise in materials, manufacturing and building science to develop products and systems that save energy and improve comfort in commercial and residential buildings. Through its glass reinforcements business, the company makes thousands of products lighter, stronger and more durable. Ultimately, Owens Corning people and products make the world a better place. Based in Toledo, Ohio, Owens Corning posted 2017 sales of $6.4 billion and employs 19,000 people in 37 countries. It has been a Fortune 500® company for 64 consecutive years. For more information, please visit www.owenscorning.com. A career at Owens Corning offers the ability to enhance your expertise and achieve your personal and professional aspirations. Through it all, we'll empower you with an environment that encourages open communication and big ideas, competitive pay for your performance, comprehensive benefits, and more opportunities to make your impact.

Industry: Construction materials wholesalers

Company size: 10,000+ Employees

Headquarters location: Toledo, OH, US