General employee questions
- Where can you find the information security policy?
- What are your main information security responsibilities?
- How do you report a suspected security incident?
- What security training have you completed?
- What would you do if you received a suspicious email?
- How do you handle confidential information?
Manager questions
- How do you ensure your team follows security policies?
- How do you track security training completion?
- How do you handle non-compliance?
- How do you communicate policy changes?
- How do you ensure role changes and leavers are handled securely?
System owner questions
- What system or asset do you own?
- Who approves access?
- How often is access reviewed?
- What risks are linked to this system?
- What evidence shows controls are operating?
Security leadership questions
- Who owns information security overall?
- How are responsibilities allocated?
- How do you monitor control performance?
- How do you manage policy exceptions?
- How are audit findings tracked and remediated?
Third-party/vendor owner questions
- What suppliers are in scope?
- What security responsibilities are assigned to suppliers?
- How are supplier obligations monitored?
- What incident notification requirements exist?
- Who owns the supplier relationship internally?
- Template
- Audit
- Interview
Note Metadata
Aliases: Internal Audit Interview Questions
Source: 90 Templates/Internal Audit Interview Question Bank.md