We are looking for a skilled and proactive ISMS Assistant Auditor/Associate Auditor to join our team, responsible for conducting audits and assessments of our clients' Information Security Management Systems (ISMS)
The ideal candidate will possess a solid understanding of ISMS frameworks and standards, such as ISO 27001, NIST, and IEC 62443, and demonstrate expertise in evaluating security controls and processes
Strong analytical skills, attention to detail, and a commitment to upholding security best practices are essential for this role
The successful candidate will play a key role in ensuring the integrity and effectiveness of our information security practices
- Develop and implement comprehensive audit plans aligned with organizational risk assessments and relevant standards
- Conduct audits of clients' Information Security Management Systems (ISMS) based on ISO 27001:2022, NIST, GDPR, ITGC and IEC 62443 standards to assess compliance and identify areas for improvement
- Conduct independent and objective assessments of the ISMS, evaluating the design, implementation, and effectiveness of information security controls
- Identify vulnerabilities, control weaknesses, and non-compliance issues through interviews, document reviews, testing procedures, and other established audit methodologies
- Identify and assess the organization's information security risks and develop audit reports detailing findings, recommendations, and corrective actions with recommended mitigation measures
- Stay updated with industry trends, standards, and regulations related to information security through professional development activities and participate in information security continuous improvement initiatives to enhance the effectiveness of the ISMS
- Collaborate with stakeholders across various departments (IT, HR, Legal) to implement corrective actions effectively
- Explain audit findings and recommendations to management and relevant parties, ensuring understanding and buy-in for proposed actions
- Collaborate effectively with diverse client stakeholders to ensure alignment with Information Security Management policies, procedures, guidelines, and processes
- Responsible for creating ISMS-related documents, checklists, policies and SOPs, conducting ISMS audits, and driving ISMS-related activities across all locations
- Review and customize cyber security training and awareness materials when needed and conduct training on specific programs for clients as determined by the ISMS Manager
- Support the organization/clients in achieving and maintaining ISO 27001:2022 certification
- Design policy frameworks based on ISO 27001:2022, open and close audit meetings, and assist with follow-up audits
- Review and update audit methodologies and tools based on emerging threats, best practices, and organizational changes
- Adhere to strict ethical standards and organizational information security policies when handling sensitive data obtained during the audit process
Education:
- A bachelor's degree in technology or engineering, Information or Cyber Security, Computer Science, BCA/MCA, or a related field is typically required
Experience:
- Minimum 2-3 years' experience in information security, risk management, or IT auditing, of which at least one year in a role or function related to Information Security Audit
- Significant experience with the ISO 27001/27002 standards in consulting, collaboration, implementation and auditing is highly desirable
Specialized Knowledge:
- A strong understanding of information security frameworks such as ISO 27001, NIST Cybersecurity Framework (CSF), GDPR, CIS, IEC 62443 or similar
- Experience planning, preparing, and delivering internal and external audits, including Compliance Audits
- Should have detailed experience and knowledge of Cyber/Information Security Governance, Risk Management, and Compliance