ISMS Compliance - ISO Audit & Implementation

Cyber Security and ISMS (Information Security Management System) Compliance is responsible for implementing and maintaining the organization's cybersecurity infrastructure and ensuring the protection of information systems and data adhering to ISO 27001 standards and other relevant information security frameworks within the organization. This role involves designing, configuring, and monitoring security solutions, conducting security assessments, and responding to security incidents. They will work closely with various stakeholders to drive compliance with information security policies, procedures, and controls.

Key Responsibilities:

• Assist in conducting information security assessments, gap analyses, and risk assessments to evaluate clients' compliance with ISO 27001 and other applicable standards.
• Monitor and assess the effectiveness of information security controls and processes to ensure compliance with regulatory requirements and internal policies.
• Conduct regular risk assessments and vulnerability assessments to identify and mitigate potential security risks and gaps.
• Collaborate with internal teams to ensure that security controls are integrated into the design and development of systems, applications, and processes.
• Provide guidance and support to business units and departments on information security practices, policies, and procedures.
• Conduct internal audits and reviews to assess the effectiveness of information security controls and identify areas for improvement.
• Lead incident response and investigation activities in the event of information security incidents or breaches.
• Stay updated on emerging security threats, industry best practices, and regulatory changes to recommend appropriate actions for maintaining compliance.
• Prepare and present reports, metrics, and updates on ISMS compliance to management and stakeholders.
• Collaborate with cross-functional teams, including IT, Legal, Admin, HR, Risk Management, etc., to ensure a coordinated approach to ISMS.
• Collaborate with external auditors during ISO 27001 certification audits and assist in addressing audit findings.

Qualifications and Skills:

• Bachelor's degree in Information Technology, Computer Science, or a related field.
• Professional certifications such as ISO 27001 Lead Auditor, CISSP, CISM, or similar certifications are highly desirable.
• Security+/ CEH is preferable.
• Solid understanding of ISO 27001 standards and frameworks, as well as other relevant information security frameworks (e.g., NIST Cybersecurity Framework, GDPR, HIPAA, DPDPA).
• 4-8 years of experience in developing and implementing ISMS compliance programs, policies, and procedures.
• Knowledge of risk management principles and methodologies.
• 4-8 years of experience in conducting internal audits and managing external audits.
• Familiarity with incident response and management processes.
• Familiarity with change management processes.
• Familiarity with technologies like EDR/ XDR, SIEM, PAM, NMS etc.
• Ability to stay updated on industry trends, emerging technologies, and regulatory changes related to information security.

Interested candidates can share their updated resumes at kirti.goyal@protivitiglobal.in