Information Security Analyst

Position Summary

This information security Analyst will be providing technical assistance in the-coordination of global ISO27001 internal audits. Reporting locally to the India Business Information Security Officer (BISO)this role will liaise with the various global divisions in guiding participants in answering Internal audit questions. This role will work closely with global colleagues in collating questions, gathering evidence, reviewing answers and recording compliance in the global auditing tool. . The Analyst may be called upon to help the India BISO in other technical areas - data loss prevention (DLP) escalations, overseeing penetration testing activities, etc.

Primary Responsibilities

Working as part of the Core Global ISMS team, assisting the HGI and ISMS Internal Audit Program Manager to deliver the ISMS Internal Audit function in compliance with ISO27001 Clause 9.2.

Assist the HGI and the Cyber Risk Manager in determining the audit criteria and scope for each audit. The ISMS standard requires a sampling of the ISO controls are assessed each year. All controls must be assessed over a three year cycle.

Working with the Business Information Security Officer (BISO) for each division to determine the division auditees to participate in each year's audit cycle.

Liaising with the Cyber Risk Manager and the Cyber Compliance Lead in the use of the AuditBoard tool to manage gap analysis questionnaires, internal audits, evidence collection.

Ensure compliance with ISO 27001 standards and regulations

Provide technical guidance to maintain and update the organization's Information Security Management Systems (ISMS)

Guide the ISO Internal Audit team in the construction of technical questions

Provide guidance to audit participants in understanding the technical questions

Analyse the technical evidence provided by internal audit participants

Carry out others technical duties as directed by the India BISO. Examples: 

planning, execution, and reporting of penetration testing activities,

Collaborate with internal and external security experts to identify vulnerabilities.

Prioritize and address critical vulnerabilities in a timely manner

Additional Responsibilities

As available and during the periods of the year when audits are not scheduled, this role will:

Work with the US based Cyber Risk Manager and the Cyber Compliance Lead to maximise AuditBoard features and efficiency. This is likely to include expanding this role's remit into a wider audit responsibilities and controls for audits beyond ISO27001 (e.g. NYDFS/DORA/NIST/SOC2 etc)

Advise and assist global BISOs in division improvements to remediate poor internal audit findings.

Assist the India BISO in other cyber security related investigations.

Assist the HGI with document updates to policies and standards to align more closely to ISO27001, and preparation for external audit activities.

Work closely with global SOC and CSIRT teams in threat detection and vulnerability management.

Skills and Competencies

Good written and verbal communication skills with both Indian and overseas personnel.

Experience in training and mentoring staff in security audit practices.

A strong understanding of the ISO27001 clauses and controls.

Excellent scheduling skills where calendar invites will be needed across multiple time zones.

Qualifications

Minimum Qualifications

Certificates

Current or previous ISO27001 lead auditor certification

Work Experience

7.0 Years min ISO27001 lead auditor experience

years' experience in information security leadership role.

Experience with security and control standards, frameworks, risk management methodologies and international regulatory requirements (e.g. ISO 27001, NIST, GDPR etc).

CISA, CISM, CISSP or equivalent IT security related certification (or willingness to pursue).

Ability to manage multiple complex priorities and competing agendas.

Ability to interpret and apply policies and regulations across a large, complex business