Chapter 3.3

Tier 3—Lead Auditor

Abstract

The Lead Auditor is a bridge between technical and non-technical, between management and non-management. Lead Auditor is a full-time position and will usually be a formal or informal leader of a dedicated audit team. The Lead Auditor may have the authority to decide what is being audited against or, if this is determined elsewhere, to what detail and depth the auditing is done. The Lead Auditor may also be the primary author, editor, and approver of the final audit report.

Keywords

Lead Auditor
technical
management
review
security standards

Introduction

“He who knows does not speak; he who speaks does not know.”

— Laozi

The Lead Auditor is a bridge between technical and non-technical, between management ...
