Mandatory Experience with: Information Security, ISO 27001:2022 (ISMS) Implementation, Internal auditing, Risk Assessment
Experience Range: 1 to 3 Years
Work Location: Noida (Work from office)
About the role:
• Experience in ISO 27001:2022 (ISMS) Implementation and internal auditing.
• Review and Analyze ISO 27001:2013-related controls.
• Conduct Risk Assessment for Internal Functions and departments.
• Understanding and communicating identified risks and associating them with ISMS controls.
• Ensure Compliance with the Business Agreements, Policies, Procedures & Regulations along with
the ability to map Controls and Compliance Requirements.
• Support Remediation Efforts with Business.
• Maintain Metrics and Report them.
• Ensure alignment of Security Policies/ Standards with IT Infrastructure Frameworks.
• Prioritize and organize own work to meet deadlines.
• Execute Compliance Programs in support of the Conformance to Stated Policies.
• Conducting Regular ISMS Audits based on Business Requirements, Customer Requirements and
Organization Standards and Parameters for the process.
• Conducting ISMS Awareness Sessions for employees.
• Knowledge in Application Security Assessment using OWASP methodologies.
• Knowledge of compliance standards such as ISO 22301, PCI DSS, HIPAA, GDPR, SOC 2 etc. would be an
added advantage.
Candidate Desired Profile:
• The applicant should be able to support Information Security Policies, standards and procedures
to secure and protect data residing on systems.
• Work Directly with User departments to implement procedures and systems for the protection,
conservation and accountability of proprietary, personal or privileged electronic data.
• Should be a certified ISO 27001:2013 Lead Auditor or Lead Implementer.
• Should have a minimum of 1 to 2 years of experience in the Information Security domain.