Description
We are looking for a skilled and proactive ISMS Auditor to join our team, responsible for conducting audits and assessments of our own and our clients' Information Security Management Systems (ISMS). The ideal candidate will possess a solid understanding of ISMS frameworks and standards, such as ISO 27001, NIST, and IEC 62443, and demonstrate expertise in evaluating security controls and processes. Strong analytical skills, attention to detail, and a commitment to upholding security best practices are essential for this role. The successful candidate will play a key role in ensuring the integrity and effectiveness of our information security practices.
Responsibilities
- Develop and implement comprehensive audit plans aligned with organisational risk assessments and relevant standards.
- Conduct audits of clients' Information Security Management Systems (ISMS) based on ISO 27001:2022, NIST, and ISA/IEC 62443 standards to assess compliance and identify areas for continual improvement.
- Conduct independent and objective assessments of the ISMS, evaluating the design, implementation, and effectiveness of information security controls.
- Identify vulnerabilities, control weaknesses, and non-compliance issues through interviews, document reviews, testing procedures, and other established audit methodologies.
- Identify and assess the organisation's information security risks and develop audit reports detailing findings, recommendations, and corrective actions with recommended mitigation measures.
- Stay updated with industry trends, standards, and regulations related to information security through professional development activities and participate in information security continuous improvement initiatives to enhance the effectiveness of the ISMS.
- Collaborate with stakeholders across various departments (IT, HR, Legal, etc.) to implement corrective actions effectively.
- Explain audit findings and recommendations to management and relevant parties, ensuring understanding and buy-in for proposed actions.
- Collaborate effectively with diverse client stakeholders to ensure alignment with Information Security Management policies, procedures, guidelines, and processes.
- Create ISMS-related documents, checklists, policies and SOPs, conduct ISMS audits, and drive ISMS-related activities across all locations.
- Review and customise information/cyber security training and awareness materials when needed and conduct training on specific programs for clients as and when required.
- Support the organisation/clients in achieving and maintaining ISO 27001:2022 certification.
- Design policy frameworks based on ISO 27001:2022, conduct opening and closing audit meetings, and assist with follow-up audits.
- Review and update ISMS audit methodologies and tools based on emerging threats, best practices, and organisational changes.
- Adhere to strict ethical standards and organisational information security policies when handling sensitive data obtained during the audit process.
Eligibility
- A bachelor's degree in Technology or Engineering, Information or Cyber Security, Computer Science, or BCA/MCA; for other fields, a Master's degree in Information/Cyber Security is typically required. A minimum of 2+ years of practical experience in information security, risk management, or IT auditing, of which two years in a role or function related to information security audit.
- Significant experience in ISO 27001/2 standards for consulting, collaboration, implementation & auditing is highly desirable.
- A strong understanding of information security frameworks and regulations such as ISO 27001, NIST Cybersecurity Framework (CSF), GDPR, CIS, IEC 62443 or similar.
- Experience planning, preparing, and delivering internal and external audits, including Compliance Audits.
- Should have detailed experience and knowledge of Cyber/Information Security Governance, Risk Management, and Compliance.
- Experience with international regulatory compliance, with a specific focus on Indian regulatory requirements such as DPDPA, CERT-In, NCIIPC, RBI, SEBI, IRDA, SMLDI, etc.
- Knowledge of industry good practices and procedures; information security management tools, methods, techniques and their applications; ISMS-specific documentation structures, hierarchy and interrelationships; electronic and digital signatures; electronic evidence collection; etc.
- Strong knowledge of audit planning, audit risks, information security process analysis, information security controls, risk assessment methodologies, vulnerability management principles and internal auditing of Information Security Management Systems.
Desired Eligibility
- Proficient in MS Office applications such as Word, Excel and PowerPoint.
- Proficient in presentation skills.
- Proficient in writing clear, concise audit reports with practical communication skills for technical & non-technical audiences.
- Proficiency in using relevant audit tools and technologies.
- Ability to work under pressure, meet deadlines, and maintain a positive attitude.
- Strong interpersonal skills and ability to work independently or in a team.
- Multilingual.
- Ethical, open-minded, collaborative, diplomatic, observant, perceptive, versatile, tenacious, decisive, self-reliant, professional, morally courageous, and organised.
Mandatory Professional Certifications and Professional Credits:
- CQI/IRCA or PECB-Certified ISO/IEC 27001:2022 Lead Auditor.
- PECB-Certified ISO/IEC 27005:2022 (Lead) Risk Manager or BSI-Certified in ISO/IEC 27005:2022 Information Security Risk Management.
- A minimum of 20 CPD/CPE credits.
Desired Professional Certifications:
Candidates with the following certifications or equivalent experience shall get preference:
Information Security (GRC) certifications:
- CISA, CISSP, CISM, CRISC, CCAK, ISO/IEC 27018:2019, ISO/IEC 27701:2019 Lead Auditor, PCI-DSS v4, ISO/IEC 31000:2018, NIST CSF, CQI/IRCA Certified BCMS ISO 22301:2019 Lead Auditor, etc.
Cyber Security Certifications:
- ICS/SCADA Cybersecurity, GSEC, SSCP, CEH, CPENT, CHFI, CCISO, CSA, CTIA, EDRP, CompTIA Security+, CompTIA CASP+, GCIH.
Travel
As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams.
Communication
- Submit a cover letter summarising your experience in relevant technologies and software, along with a resume and your latest passport-size photograph.