We are seeking a skilled ISMS Auditor-cum-GRC Support Analyst to plan, execute, and support Information Security and IT audits aligned with ISO 27001 standards. The role involves assessing security controls, identifying risks, and providing actionable recommendations to strengthen the organization’s security posture.
- Plan and execute ISMS audits in accordance with ISO 27001 standards.
- Develop audit schedules and ensure timely completion of audit activities.
- Conduct opening and closing meetings with stakeholders.
- Prepare audit plans, checklists, and comprehensive audit reports.
- Document audit findings, non-conformities, and recommendations.
- End-to-end execution of IT/IS audits (planning, fieldwork, and reporting).
- Support IT/IS assurance and advisory engagements.
- Evaluate design and effectiveness of IT controls and security frameworks.
- Perform security assessments across:
  - User Access Management
  - Network Security
  - OS & Application Security
  - Encryption
  - Backup & Recovery
  - Disaster Recovery
  - Security Awareness & Training
- Bachelor’s degree in science or engineering.
- ISO 27001:2022 Lead Auditor / Implementer certification.
- Preferred certifications: CISA, CISM, CISSP.
- 3–5 years of experience in information/cybersecurity.
- Strong knowledge of network, information, and cloud security.
- Good understanding of ISO 27001 standards and documentation.
- Familiarity with frameworks such as RBI CSF and NIST CSF.
- Knowledge of IT infrastructure and security audits.
- Basic understanding of:
  - Networking concepts
  - Operating systems
  - Endpoint and security devices
- Awareness of business continuity frameworks.
- Exposure to compliance standards like PCI DSS, HIPAA, etc.
- Strong written and verbal communication skills.
- Self-driven learner with up-to-date knowledge of the latest threats and vulnerabilities.