ISMS Auditor Position

We are seeking an experienced Information Security Management System (ISMS) auditor to join our team. As an ISMS auditor, you will be responsible for conducting audits and assessments of our information security management system.

The ideal candidate will possess a solid understanding of ISMS frameworks and standards, such as ISO 27001, NIST, and IEC 62443. They will also demonstrate expertise in evaluating security controls and processes.

A strong analytical mind, attention to detail, and commitment to upholding security best practices are essential for this role. The successful candidate will play a key role in ensuring the integrity and effectiveness of our information security management system.

• Conduct audits of clients' Information Security Management Systems (ISMS) based on ISO 27001:2022, NIST, and ISA/IEC 62443 standards to assess compliance and identify areas for continual improvement.
• Conduct independent and objective assessments of the ISMS, evaluating the design, implementation, and effectiveness of information security controls.
• Identify vulnerabilities, control weaknesses, and non-compliance issues through interviews, document reviews, testing procedures, and other established audit methodologies.
• Identify and assess the organisation's information security risks and develop audit reports detailing findings, recommendations, and corrective actions with recommended mitigation measures.
• Stay updated with industry trends, standards, and regulations related to information security through professional development activities and participate in information security continuous improvement initiatives to enhance the effectiveness of the ISMS.
• Collaborate with stakeholders across various departments (IT, HR, Legal, etc.) to implement corrective actions effectively.

This is a challenging opportunity for an experienced information security professional who wants to make a real difference in the field. We offer a competitive salary and benefits package, as well as opportunities for career growth and professional development.

We are looking for candidates who possess the following skills and qualifications:

• A bachelors degree in technology or engineering, Information or Cyber Security, Computer Science, BCA/MCA, or in the case of other fields (a Masters degree in Information/ Cyber Security is typically required).
• Minimum Practical 2+ years experience in information security, risk management, or IT auditing, of which two years in a role or function related to Information Security Audit.
• Significant experience in ISO 27001/2 standards for consulting, collaboration, implementation & auditing is highly desirable.
• A strong understanding of information security frameworks like ISO 27001, NIST Cybersecurity Framework (CSF), GDPR, CIS, IEC 62443 or similar.
• Experience planning, preparing, and delivering internal and external audits, including Compliance Audits.
• Should have detailed experience and knowledge of Cyber/Information Security Governance, Risk Management, and Compliance.
• Experience with International regulatory compliances with a specific focus on Indian Regulatory Compliances such as DPDPA, CERT-In, NCIIPC, RBI, SEBI, IRDA, SMLDI, etc.
• Knowledge of industry good practices and procedures, Information Security Management tools-methods-techniques-and their applications, ISMS specific documentation structures-hierarchy-and interrelationships, electronic and digital signatures, electronic evidence collection, etc.
• Strong Knowledge of Audit planning, Audit risks, Information Security Process Analysis, information security controls, risk assessment methodologies, vulnerability management principles and Internal Auditing of Information Security Management

Eligibility

• Proficient in MS Office applications such as Microsoft Office Word, Excel, PowerPoint.
• Proficient in presentation skills.
• Proficient in writing clear, concise audit reports with practical communication skills for technical & non-technical audiences.
• Proficiency in using relevant audit tools and technologies.
• Ability to work under pressure, meet deadlines, and maintain a positive attitude.
• Strong interpersonal skills and ability to work independently or in a team.
• Multi-Linguistic.
• Being ethical, open-minded, collaborative, diplomatic, observant, perceptive, versatile, tenacious, decisive, self-reliant, professional, morally courageous, Professional Certifications and Professional Credits:

We are looking for candidates who possess the following certifications:

• CQI/IRCA or PECB-Certified ISO/IEC 27001:2022 Lead Auditor.
• PECB-Certified ISO/IEC 27005:2022 (Lead) Risk Manager or BSI-Certified in ISO/IEC 27005:2022 Information Security Risk Management.

Our ideal candidate will be able to adapt to changing circumstances, think creatively, and bring a high level of professionalism to the role. If you are a motivated and enthusiastic individual who is passionate about information security, we encourage you to apply for this exciting opportunity.

Please submit your application, including a cover letter summarizing your experience in relevant technologies and software along with a resume and the Latest passport-size photograph.