ISO 9001 & 27001 Internal Auditor
Own and run the internal audit programme across our ISO 9001 quality management and ISO 27001 information security systems — ensuring we practise what we sell and that our clients can trust us completely.
Location: Cheltenham, UK / Remote (UK)
Salary: £38,000 – £52,000 per annum (DOE)
Positions: 2 positions
Reference: CP-CMP-2025-001
Published: 22 March 2025
Closing: Rolling
About the role
Coaley Peak holds ISO 9001:2015 and ISO 27001:2022 certifications, and we take them seriously. Every process we run — from client delivery to recruitment to data handling — is expected to meet the standards we are certified to. As Internal Auditor, you will be the person who keeps us honest.
You will plan and conduct internal audits across all business functions, identify non-conformances and areas for improvement, and work with function leads to close findings before they become surveillance or recertification issues. You will also support client-facing quality and security assurance work — because many of our clients ask us to evidence our compliance posture before they hand over sensitive systems access.
This is not a box-ticking role. We want someone who understands why these standards exist, can translate dense requirements into practical improvements, and has the confidence to challenge processes that are not up to scratch — at any level of the organisation.
The kind of person we are looking for
At Coaley Peak, the technical work is only half the job. We are looking for people who are genuinely reliable — who do what they say they will, when they said they would, without needing to be chased. People who are friendly and easy to work with, both with colleagues and with clients. People who can sit in a boardroom and explain a complex AI model in plain English, and then go back to their laptop and write clean, well-documented code. People who are hungry, hard-working, and take real pride in their output — not because someone is watching, but because that is simply how they operate.
You are methodical, detail-oriented, and genuinely interested in how organisations work. You enjoy the detective work of an audit — following a process from end to end, spotting where reality diverges from the documented procedure, and working constructively with people to fix it. You are direct without being confrontational, and you understand that good audit findings improve things rather than just create paperwork. Experience in a tech company, consultancy, or regulated environment is a strong advantage.
What you will do
- Plan, schedule, and conduct internal audits across all functions against ISO 9001:2015 and ISO 27001:2022 requirements
- Produce clear, well-evidenced audit reports with findings categorised by severity and assigned to responsible owners
- Track corrective and preventive actions (CAPAs) through to closure, escalating overdue items to senior leadership
- Maintain and update the internal audit programme, ensuring full coverage of all certification scope areas on a rolling basis
- Support external surveillance and recertification audits — preparing evidence packs, coordinating function leads, and liaising with the certification body
- Conduct supplier and subcontractor audits where required, particularly for third parties with access to client data
- Identify opportunities for process improvement across quality management and information security practices
- Maintain the document control system and ensure all controlled documents are current, approved, and accessible
- Brief staff on compliance requirements, common audit findings, and how to prepare for audits — making ISO feel understandable rather than intimidating
- Support client-facing due diligence requests: completing security questionnaires, providing evidence of compliance posture, and participating in client audits where required
What we are looking for
Essential
- Demonstrable experience conducting internal audits to ISO 9001 and/or ISO 27001 — either as a practitioner or in a dedicated audit role
- Thorough working knowledge of ISO 9001:2015 and ISO 27001:2022 requirements
- Experience writing clear, evidence-based audit reports and tracking corrective actions
- Strong interpersonal skills — able to conduct audits collaboratively and influence process owners at all levels
- High attention to detail and comfort working with documentation and evidence management
- Right to work in the United Kingdom
Desirable (not essential)
- Formal internal auditor qualification (CQI/IRCA or equivalent) for ISO 9001, ISO 27001, or both
- Experience supporting external certification audits (Stage 1, Stage 2, surveillance, recertification)
- Familiarity with UK GDPR and DPA 2018 obligations, and how they interact with ISO 27001
- Experience in a technology company, AI business, or professional services environment
- Exposure to risk management frameworks (ISO 31000, NIST, Cyber Essentials, or similar)
What we offer
- Salary of £38,000 – £52,000 per annum, dependent on experience, reviewed annually
- 28 days annual leave plus bank holidays
- Hybrid working — Cheltenham HQ and remote (UK-based)
- Private healthcare and employee assistance programme (EAP)
- £2,000 annual professional development budget — we will fund further auditor qualifications
- A role with real scope: you will own the audit programme end-to-end, not support someone else's
- Regular team offsites and an annual international travel programme
- Accredited Living Wage Employer
Vetting & pre-employment checks
Enhanced DBS
All Coaley Peak roles require a minimum of an Enhanced DBS check as standard. By applying you consent to these checks being conducted in the event of an offer being made. This role involves access to sensitive internal systems, client data evidence packs, and security documentation. A standard baseline personnel security check is required in addition to Enhanced DBS.
How to apply
Send your CV and a short cover note to careers@coaleypeak.co.uk, quoting reference CP-CMP-2025-001. Tell us about an audit you have conducted, a finding you raised, and how it was resolved. We review on a rolling basis and will acknowledge receipt within five working days.
Accessibility & reasonable adjustments
We want every candidate to have the best possible experience of our hiring process. If you need any adjustments — alternative formats, additional preparation time, a different interview setting, or anything else — please let us know as early as possible by emailing careers@coaleypeak.co.uk. All requests are handled in confidence and will not affect how your application is assessed.
Ready to apply?
Complete the application form — we review every submission personally. Quote reference CP-CMP-2025-001.
Our platform
You'll work with Owlpen — our proprietary cost intelligence platform, deployed across live client operations.
Legal notices
Equal opportunities. Coaley Peak Ltd is an equal opportunities employer committed to a diverse and inclusive workplace. We do not discriminate on the basis of age, disability, sex, gender reassignment, sexual orientation, pregnancy or maternity, race, religion or belief, or marriage and civil partnership, in line with the Equality Act 2010.
Right to work. All offers of employment are conditional on evidence of the right to work in the UK in accordance with the Immigration, Asylum and Nationality Act 2006.
Data protection. Candidate data is processed under UK GDPR Article 6(1)(b) and the Data Protection Act 2018, retained for up to 12 months, and held by Coaley Peak Ltd (ICO registered Data Controller). See our Privacy Policy.
Feedback & complaints. Concerns about our recruitment process should be directed to recruitment.control@coaleypeak.co.uk. All complaints are handled under ISO 9001:2015. Candidates may also contact the EHRC.
Pre-employment checks. Offers are subject to satisfactory references and identity checks. Role-specific DBS checks will be disclosed at application stage, in accordance with the Rehabilitation of Offenders Act 1974.
Working time & pay. This role complies with the Working Time Regulations 1998. Coaley Peak Ltd is a Living Wage accredited employer. Salary ranges are reviewed annually.
Coaley Peak Ltd · Co. 11783676 · VAT GB374552088 · The Limes, Bayshill Road, Cheltenham GL50 3AW, UK · Registered in England & Wales