Senior Internal Auditor

Overview:

The Senior Internal Auditor is responsible for planning, executing, and reporting on internal audits of the Information Security Management System (ISMS) to ensure compliance with ISO 27001 standards. This role supports continuous improvement of security controls and processes, identifies non-conformities, and collaborates with stakeholders to implement corrective actions.

Starting base pay for this role is between $80,000 and $100,000. The actual base pay is dependent upon many factors, such as transferable skills, work experience, business needs, training, location, and market demands. The base pay range is subject to change and may be modified in the future. This role will be eligible for a bonus as well as competitive medical, dental, and vision benefits, wellness reimbursement, life insurance, and a 401(k) with company match. We offer vacation and sick leave benefits (under a flexible time off policy in most states).

Responsibilities:

• Audit Planning & Execution
• Develop and maintain the ISMS internal audit schedule and plan.
• Conduct audits of ISMS policies, procedures, and implemented controls against ISO 27001 requirements.
• Collect and review evidence, perform interviews, and document observations.
• Reporting & Follow-Up
• Prepare detailed audit reports highlighting findings, non-conformities, and opportunities for improvement.
• Communicate audit results to the Information Security Leader and ISMS Governance Council.
• Track corrective actions and verify remediation effectiveness.
• Compliance & Governance
• Ensure confidentiality and integrity of audit data and supporting evidence.
• Maintain audit records in accordance with documented information control policies.
• Support readiness for external audits and certification activities.
• Continuous Improvement
• Identify process gaps and recommend improvements to strengthen ISMS compliance.
• Stay current on ISO 27001 updates and related security standards.

Qualifications:

• Bachelor's degree in Information Security, Risk Management, or related field.
• 3-5 years of experience in internal auditing or IT compliance (ISO 27001 preferred).
• Knowledge of ISMS principles, ISO 27001 controls, and audit methodologies.
• Strong analytical, documentation, and communication skills.
• Preferred certifications: CISA, ISO 27001 Lead Auditor, or similar.
• Experience with NIST and SOC a plus.

Competencies

• Objectivity and impartiality in auditing processes.
• Ability to manage multiple audits and deadlines.
• Detail-oriented with a commitment to accuracy and compliance.

Benefits:

• Medical and Dental coverage available for employees, dependents, domestic partners, and spouses
• Paid Time Off – Flexible options plus 10 paid company holidays where available**
• All full-time positions are hybrid, with many eligible to be completely remote
• Fully Paid by Origami Risk – Vision insurance, Short & Long-Term Disability Insurance, and Basic Life Insurance
• Generous family leave options—including adoption and foster care placements
• Pre-Tax Savings Accounts – Flexible Spending Account, Health Savings Account, Commuter Benefits, Dependent Care Savings Account
• Retirement Savings – 401(k) with company match up to 4%
• Employee Assistance Program (EAP) – Confidential & Free support offered to colleagues facing personal or work-related complications
• Education Assistance Program – to help colleagues pursue industry/role-specific certifications
• Wellness Benefits – reimbursement program to invest in healthy habits as well as support better colleague productivity and stress management
• Additional coverages available – Pet Insurance, Critical Illness Insurance, and Voluntary Life & AD&D coverage

**Flexible PTO not available in California or the UK

Who We Are:

Origami Risk delivers single-platform SaaS solutions that help organizations best navigate the complexities of risk, insurance, compliance, and safety management.

Founded by industry veterans who recognized the need for risk management technology that was more configurable, intuitive, and scalable, Origami continues to add to its innovative product offerings for managing both insurable and uninsurable risk; facilitating compliance; improving safety; and helping insurers, MGAs, TPAs, and brokers provide enhanced services that drive results.

A singular focus on client success underlies Origami's approach to developing, implementing, and supporting our award-winning software solutions.

Origami Risk is proud to be an equal opportunity employer. We thrive and benefit from diversity and are committed to creating an inclusive and equitable environment for all employees. We do not discriminate against any individual based upon race, religion, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, color, sex, national origin, age, marital status, military or veteran status, disability, or any other characteristic protected by applicable law.

Caution: Be alert to recruiting scams. We have received reports of individuals impersonating Origami Risk recruiters to deceive candidates into disclosing personal information. These impostors use fake Origami Risk domain names and email addresses. Please double-check that any email address from an Origami Risk recruiter ends with or . And to confirm the legitimacy of any recruiting communication, feel free to email .