During a discussion between an auditing and certification company, an ISO consultancy and a Cardiff university, an ideal employment opportunity came to light. Students with a background in computer science would be the perfect candidates to fill the gap in the market for ISO/IEC 27001 information security auditors. The career of an auditor is one of variety, security and longevity, as well as being financially rewarding.
Background
ISO/IEC 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). It also includes requirements for assessing and treating information security risks tailored to the certified organization. The standard was introduced in 2005 and revised in 2022.
The universally burgeoning need for organizations to show they conform to recognized information and cybersecurity standards – and provide proof of that conformity – has led to a substantially increased uptake of ISO/IEC 27001. This demand has, in turn, resulted in an ever-widening global skills gap, with many auditors being older people approaching retirement age, alongside an insufficient volume of young people stepping up to take their place.
Puting an Idea into Action
During a South Wales Cyber Security Cluster meeting, attendees decided to explore collaborative ventures in the region. One notable outcome was an idea aimed at fostering collaboration between industry and academia, driven by a common objective.
Among the attendees was Anthony Matthews, a long-standing cluster member and Managing Director at Charmwood Risk Management, a specialized consulting, auditing and advisory firm based in Cardiff. The firm primarily assists businesses in obtaining accredited ISO certification to globally recognized standards, such as ISO 9001, ISO 14001, ISO 45001 and ISO/IEC 27001.
With over 22 years of experience in the certification industry, Anthony noticed a conspicuous lack of auditors to facilitate certification for his clientele. While many auditors in the field were nearing retirement, there was a general scarcity of available professionals. Reflecting on this, Anthony recognized auditing as a promising career path, offering opportunities for later transition into consultancy. However, he grew concerned about the lack of younger individuals entering the sector and sought to contribute to its transformation.
During discussions with Dr Chaminda Hewage, Programme Director for Computer Security at Cardiff Metropolitan University, they identified a potential solution to this gap: empowering younger individuals interested in IT through upskilling. This approach would not only address the auditor shortage but also enrich the students' CVs, setting them apart in their initial job applications.
The opportunity for further impact was clear. Leveraging Anthony's involvement in SGS's Consultants Connect program, he reached out to Vanda Bell, Head of Sales and Key Accounts at SGS UK, to explore the possibility of incorporating the ISO/IEC 27001 auditor training course into the Masters’ curriculum at Cardiff Metropolitan University. Vanda expressed: “We were delighted to collaborate with Anthony and Chami to provide this training and support the students in achieving greater success.”
The Result
Cardiff Metropolitan University provided funding, enabling Geoff Green, an SGS ISO/IEC 27001 trainer, to conduct internal auditor training for 27 IT Security Masters’ students.
Following the training, the graduating students entered the workforce, with two attributing their new roles, in part, to obtaining the auditor qualification. Rahmi Hussain, who secured a position as a Data Confidentiality Assurance Analyst at Admiral (EUI), expressed appreciation for the interactive classroom-based ISO/IEC 27001 training, noting its refreshing departure from online training amid the pandemic.
Next Steps
At the time of writing, the trio is collaborating with Cardiff Metropolitan University to identify additional courses where an internal auditor qualification could not only enhance career prospects but add valuable competitive advantage to the university’s offering.
To find out how you can get involved in a similar project with SGS and Charmwood, please call 0151 350 6666 or email [email protected].