ISMS Auditor
10 hours ago
Description
We are seeking a highly skilled and experienced ISMS Auditor to assess, audit, and enhance organizations' Information Security Management Systems (ISMS) in alignment with international standards such as ISO 27001:2022, NIST CSF, and other relevant frameworks. The ideal candidate will bring deep expertise in information security auditing, risk assessment, and compliance to ensure cybersecurity maturity and continuous improvement within client organizations.
Responsibilities
- Conduct independent ISMS audits to assess cybersecurity maturity levels of organizations based on objective evidence and verification at client sites.
- Evaluate evidence as per cybersecurity audit checklists and determine performance scores.
- Review and assist in developing and implementing comprehensive information security audit and implementation plans aligned with organizational risk assessments and standards.
- Evaluate the design, implementation, and effectiveness of ISMS controls, ensuring compliance with relevant frameworks.
- Identify information security risks and improvement areas, and assist in the preparation of audit reports.
- Stay current with industry trends, regulations, and emerging threats through professional development and contribute to continuous improvement initiatives.
- Collaborate with cross-functional teams (IT, HR, Legal, etc.) to ensure compliance with information security policies and corrective actions.
- Present audit findings and recommendations to senior management and stakeholders, ensuring clarity and alignment.
- Review, customize, and deliver information security training and awareness programs when required.
- Support organizations in achieving and maintaining ISO 27001:2022 certification and other security compliance standards.
- Continuously refine ISMS audit methodologies and tools to align with evolving best practices.
- Ensure ethical conduct and adherence to information security policies when handling sensitive data.
Eligibility
Educational Qualifications:
- Post-graduate degree or Ph.D. in Technology, Engineering, Information or Cyber Security, Computer Science, or related fields.
Experience:
- Minimum 5+ years of practical experience in information security, risk management, or IT auditing, including at least five years in Information Security Audit functions.
- Proven experience with ISO 27001, NIST CSF, PCI-DSS, DPDPA, GDPR, ISA 62443, and Risk/Project Management frameworks.
- Experience conducting internal and external audits and implementing Information Security programs.
- Familiarity with Indian and international regulatory compliances — e.g., DPDPA, CERT-In, NCIIPC, RBI, SEBI, IRDA, SMLDI, CEA.
- Strong knowledge of ISMS documentation, information security processes, risk assessment, and control evaluation methodologies.
Desired Eligibility
- Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Project, Outlook).
- Strong written and verbal communication skills — ability to prepare detailed, clear, and concise audit reports.
- Familiarity with audit and project management tools and technologies.
- Excellent analytical, problem-solving, and stakeholder management abilities.
- Ability to work both independently and collaboratively in a dynamic environment.
- High attention to detail and commitment to meeting deadlines under pressure.
- Must possess CQI/IRCA or PECB-Certified ISO/IEC 27001:2022 Lead Auditor certification.
Additionally, one or more of the following certifications are mandatory:
- CISA, CISSP, CISM, CRISC, CCAK, ISO/IEC 27018, ISO/IEC 27701 Lead Auditor, PCI-DSS v4, ISO/IEC 31000:2018, NIST CSF, CQI/IRCA BCMS ISO 22301 Lead Auditor, ISO/IEC 27005:2022 Risk Manager (PECB/BSI), etc.
Travel
- As and when required, across the country for project execution and monitoring, as well as for coordination with geographically distributed teams.
Communication
- Submit a cover letter summarising your experience in relevant technologies and software, along with a resume and your latest passport-size photograph.