Information Security Auditor

Delhi/Mumbai | Experience: 3 to 5 years

Core Responsibilities

  • Conduct audits based on various IT security compliance standards (such as ISO 27001, PCI DSS, NIST SP 800-53, etc.) and support the organization in remediating the identified risks
  • Design policy framework based on ISO 27001:2013
  • Define controls as per ISO 27002:2013/15 framework
  • Define controls as per NIST SP 800-53 framework
  • Conduct ISMS audits for clients
  • Develop and maintain audit checklists and documents
  • Work closely with the VAPT team
  • Create and update the hardening checklist
  • Help clients upgrade from older standards, e.g. ISO 27001:2005 to ISO 27001:2013
  • Perform risk assessment and impact analysis
  • Map various compliance standards to each other

Experience and Qualifications

  • M.Tech or B.Tech / B.E./BCA in Computer Science or Information Technology
  • ISO 27001 Lead Auditor/Lead Implementer (Preferred)
  • Sound knowledge of IT Security and Infrastructure audits
  • Proven ability to conduct ISMS, RBI, NBFC, etc. audits independently
  • Must have audited minimum 3 clients/implemented minimum 2 clients
  • Must possess basic knowledge of networking, different flavours of operating systems, endpoint devices and security devices
  • Should be a self-learner and must keep herself updated on the latest threats and vulnerabilities researched/discovered
  • Knowledge of business continuity frameworks and standards
  • Basic knowledge of different compliance standards such as PCI DSS, HIPAA, etc. in addition to ISO 27001
  • Excellent written and verbal communication skills