Location: Visakhapatnam (Work from office)
Roles & Responsibilities:
5+ years of experience, with significant hands-on exposure to ISO 27001 (ISMS) implementation and maintenance.
ISMS (ISO 27001) – Primary Focus
- Maintain and update ISMS documentation including policies, procedures, risk register, and Statement of Applicability (SoA)
- Coordinate and conduct periodic risk assessments and risk treatment plans
- Plan and support internal ISMS audits; coordinate with external auditors during certification/surveillance audits
- Track and close non-conformities (NCs), observations, and corrective/preventive actions (CAPAs)
- Monitor compliance with information security controls (Annex A) across departments
- Coordinate security awareness training programs for employees
- Support incident management process – logging, tracking, and reporting security incidents
- Liaise with IT/InfoSec teams on technical controls, vulnerability management, and access reviews
- Support vendor/third-party risk assessments related to information security
- Prepare management review reports and dashboards on ISMS performance metrics (KPIs/KRIs)
- Stay updated on changes to the ISO 27001 standard, regulatory requirements (e.g., GDPR, local data protection laws), and industry best practices
QMS – Supporting Responsibilities
- Maintain QMS documentation (process manuals, SOPs, work instructions)
- Coordinate internal quality audits and support external certification audits (e.g., ISO 9001, if applicable)
- Track quality-related CAPAs and process improvement initiatives
- Support management review meetings with relevant quality metrics and reports
Required Skills & Competencies
- Strong working knowledge of ISO 27001:2022 requirements and Annex A controls
- Experience conducting or coordinating internal audits (ISMS and/or QMS)
- Familiarity with risk assessment methodologies and risk treatment planning
- Good understanding of information security concepts (access control, encryption, incident response, business continuity)
- Strong documentation and process-mapping skills
- Excellent coordination skills to work across departments (IT, HR, Operations, Legal)
- Proficiency in MS Office/Excel for reporting and tracking; familiarity with GRC tools is a plus
- Strong communication skills for liaising with auditors and stakeholders
Preferred Certifications
- ISO 27001 Lead Implementer or Lead Auditor (highly preferred)
- ISO 9001 Internal Auditor (added advantage)
- Certifications such as CISA, CISM, or ISO 27001 Foundation are a plus
Pay: ₹700,000.00 - ₹850,000.00 per year
Work Location: In person