14

ISO 27001 Lead Auditor Jobs

  • 0 - 4 yrs
  • Gurgaon
IT Auditing SOC Verification ISO 27001 Lead Auditor
Requirements: B.Tech/MCA/MBA with 0 - 2 years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls and ERP Audits.
- Candidate should have intermediate knowledge of financials, operations and technology and its related risks.
- Candidate should have good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI).
- Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP).
- Strong data analytical skills including advanced Excel skills (VLOOKUPs, pivot tables, and basic formulas), Word and PowerPoint.
- MS Visio skills to develop process and data flow diagrams.
- Strong multi-tasking and project management skills.
- Excellent verbal and written communication (English), as this is a client-facing role and it requires frequent communications with RSM International clients.

SR. GRC Consultant

Trojan Hunt India LLP

  • 3 - 5 yrs
  • Delhi NCR
ISO 27001 Lead Auditor ISO Consultant Management Representative ISO ISO Audit Risk Assessment IT Governance
Trojan Hunt India, MSME Registered, ISO 9001:2015 and ISO 27001:2022 certified company, is amongst the leading Information Security and Cyber Intelligence companies and provides unmatched services and state-of-the-art products to clients throughout the world. We specialize in addressing end-to-end Enterprise Risk. Our clients range from private organizations and government sectors to Subject Matter Experts (SMEs) and third-sector associations each being offered varying solution/service interests such as business intelligence, corporate fraud investigations, electronic and technical surveillance, vulnerability assessment, private investigation, social media fraud investigations, legal investigation services (including forensics), cybercrime investigation, penetration testing, incident response, removal of defamatory contents and many more.
Designation- GRC Consultant
Experience 3-5 Years
Location: New Delhi NCR
Responsibilities:
- Good working knowledge and hands on experience of ISO 27001
- Guide clients in implementing and maintaining compliance with ISO 27001 and other relevant standards
- Conduct gap assessments, risk analysis, and internal audits
- Assist in developing, reviewing, and enhancing ISMS policies and procedures
- Monitor and evaluate the effectiveness of information security controls
- Support corrective and preventive action plans post-audit
- Collaborate with technical teams to ensure secure design and implementation of IT infrastructure
- Stay updated with the latest regulatory requirements and cybersecurity threats
- Provide training and awareness sessions
- Document findings and create reports using MS Excel, Word, and PowerPoint
Qualification: Bachelors degree in B.Tech, B.Sc. and BCA or relevant field
Preferred Certification: ISO 27001 Lead Auditor/Implementer
Other requirements:
- Excellent problem-solving/analytical skills
- Good written and verbal communication.
- Proficiency in MS Excel, Word, and PowerPoint for audit reporting and presentations
To apply for this position please send in your resume to- v.tamanna@trojanhuntindia.com
  • 5 - 10 yrs
  • 5.5 Lac/Yr
  • Machhiwara Ludhiana
ISO Audit Management Representative ISO ISO Documentation Internal Audit Officer Company Auditing QMS Implementation ISO 27001 Lead Auditor Auditor Audit Officer
Urgent Requirement Management Representative in Fire Stone h Pvt ltd.
Locations: Garhi Tarkhana, Machhiwara, Ludhiana-141115
Designation: Management Representative (Auditor stands for ITAF & ISO and QMS documents
Salary NTH: 30k to 40k (Negotiable as per experience)
Experience: Min 5 to 10 years
Age Limit: 30 to 40
Marital Status: Married
Education: B.Com/B.Tech/ Any Graduate / Post Graduate
Work Responsibilities: Handling of customer Audit/ IATF Audit, ISO Audit & QMS Audit documents related, law regulations & audit standard etc. MR will likely be involved in quality assurance and control activities, ensuring that the aluminum/metal products meet the required standards. Ensure they understand the audit process, their roles and the relevant ISO, IATF 16949:2016 Standards and it intends to prevent defects, reduce waste, and facilitate continuous improvement (ISO/TS 16949) (Ensure documentation is up-to-date and accessible, Maintain accurate and complete documentation of all procurement transactions and records are readily available for the auditors)
QMS Implementation and Maintenance: Ensuring the QMS is established, implemented, and maintained according to relevant standards (e.g., ISO 9001, ISO 14001, ISO 27001 & IATF 16949 auditor. Defining, deploying, monitoring, and managing QMS processes. Coordinating with different teams to define QMS processes for their respective departments. Managing the design and implementation of QMS. Ensuring that the QMS meets the requirements of the standard. Ensuring that company processes are suitable for achieving the intended results.
Reporting and Performance Monitoring: Regularly informing top management about the performance of the QMS. Identifying areas for improvement and presenting them to top management. Reporting on the effectiveness of the QMS. Ensuring continuous improvement within the company.
Customer Focus and Requirements: Ensuring that all employees understand customer requirements and how their work impacts

IT Auditor (Female Only)

Riskpro India limited

  • 3 - 7 yrs
  • Mumbai
ISO 27001 Lead Auditor IT Security AWS Cloud Engineer Cloud Computing
JD for Information Security and Compliance Specialist:
Responsibilities:
1. Utilize 3-5 years of direct experience in information security, specializing in risk and compliance management. Proficiently conduct audits and manage audit responses and observations.
2. Implement ISMS (Information Security Management System) standards, policies, and conduct access reviews to ensure regulatory compliance. Perform thorough risk assessments and remain updated on relevant regulatory requirements.
3. Demonstrate a proficient understanding of identity management standards, Business Continuity Planning (BCP), Disaster Recovery (DR), and Cloud Security.
4. Utilize GRC (Governance, Risk, and Compliance) tools and techniques to organize and execute risk and compliance projects. Conduct audits, compile evidence, and coordinate audit responses efficiently.
5. Manage risk and vulnerability assessments, along with compliance reviews, to ensure adherence to security standards.
6. Maintain and monitor a centralized repository for procedures and documents related to security and compliance.
7. Demonstrate proficiency in incident response and change management practices.
8. Collaborate with stakeholders to align IT General Controls (ITGC) objectives with organizational goals.
9. Support functional teams in achieving ongoing operational compliance.
10. Conduct Vulnerability Assessment and Penetration Testing (VAPT) assessments, drive remediation efforts, and ensure the closure of identified vulnerabilities.
11. Stay updated on regulatory changes impacting information security and ensure organizational compliance.
12. Conduct security awareness training sessions and effectively communicate security policies and best practices to all stakeholders.
13. Possess effective written and verbal communication skills to interact with cross-functional teams.
14. Demonstrate strong analytical and problem-solving abilities to effectively address security and compliance challenges.

Hiring For Senior ISO IT Consultant

ProcessLOGIX Consulting Pvt Ltd

  • 1 - 2 yrs
  • 6.0 Lac/Yr
  • Mumbai +1 Pune
Microsoft Office IT Skill ISO Internal Auditor ISO 27001 Lead Auditor ISO Consultant ISO Documentation Management Representative ISO Management Consultant
Job Description:
- Good understanding of ISO 27001, experience in information Security controls designing, policy documentation, implementing best information security practices, compliance frameworks for Information Security.
- Mapping and documenting processes required for meeting the specifications of the framework being implemented such as ISO 27001 / ISO 27002, IT Security Compliances.
- Preparing ISO 27001 documentation in terms of policies, procedures, risk assessments.
- Training and hand-holding client teams for implementing the selected standards / frameworks - related to ISO 27001 / ISO 27002, IT Security Compliances.
- Conducting audits and reviews to assess and measure the system conformance and performance.
- Assisting client organization during third-party assessments, ISO 27001 audits, IT security audits.
- Responsible for achieving project milestones with respect to the allocated tasks and deliverables.
Desired Profile:
- 1 to 2 years of working experience in IT Security, ISO 27001 standard implementation, documentation & ISO 27001 audit.
- Experience of implementing international standards, frameworks such as ISO 27001. GDPR, PCI-DSS, HIPAA will be a plus.
- Must be good at MS Office and any flow-charting tool such as MS Visio effectively.
- Ability to understand client requirements and conceptualize / design processes to ensure the most suitable compliance environment is expected.
- Good communication skill in English - verbal & written
- Certified Lead Implementer ISO 27001 or Lead Auditor ISO 27001. Candidate shall have own laptop.

Opening For Compliance and Audits

Varutra Consulting Pvt. Ltd.

  • 7 - 9 yrs
  • 12.0 Lac/Yr
  • Hyderabad
ISO 27001 Lead Auditor CISO Risk Management Compliance Executive Compliance Associate
Roles & Responsibilities: Perform internal audits and ensure compliance with policies and external laws. Maintain the audit calendar & program and provide periodic reports to stakeholders. Improve reporting mechanisms for the audit function. Track remediation of any findings from internal or external assessments. Manage the audit risk assessment program minimize. Contribute to the data risk management program. Support the team in risk management activities organization. Assist with successful implementation and enforcement of security policies and procedures across old & new technologies / systems/ environments. Participate in the implementation of security initiatives. Support team to implement the GRC initiatives with respect to audit programs. Must have working knowledge of GDPR, Implementation, SOC2, ISMS. Mandatory skills: Information Security, Risk, IT GRC, Audit. 7+ years in an Information Security role with progressive experience in the following areas: Audits and assessments - information security, network security, application security, physical security, privacy etc. Information or IT risk management and compliance Knowledge of various standards like ISO 27K, COBIT, PCI-DSS, NIST, IT GRC etc. exposure to regulatory audits will be an added advantage. Understanding of Privacy regimes Application Security concepts from an audit perspective MS Office (Word, Excel, PowerPoint) Excellent organization, communication, and presentation skills with the right attitude Ability to multi-task General professional writing proficiency Experience in the services industry is mandatory. ISO 27001:2022 Certification Mandatory, CISA/CISM preferable but not mandatory. Having exposure on vendor & client management CISO responsibilities: Experience in developing CxO level dashboards , Cybersecurity Knowledge Leadership and Management Risk Management Security Strategy and Planning

Information Security Engineer

Digicat Technologies

  • 3 - 6 yrs
  • 12.0 Lac/Yr
  • Chennai
ISO 27001 Lead Auditor Information Security Engineer Firewall Vulnerability Management Security Audit IT Security
Job Description:
Job Responsibilities
- Present and report regularly InfoSec dashboard to management and stakeholders
- Assist with the development of technical security risk and compliance documentation
- Document and Communicate status and compliance effectiveness to management on a regular basis
- Conduct regular internal audits on information security specific to ISO 27001
- Manage external audits from customers and stakeholder
- Support business teams to achieve and maintain their security and compliance posture in accordance with ISO 27001 & Data Privacy
- Validate ongoing compliance of policies and process/procedures in support of requirements and ensure that controls are operating effectively
- Prepare responses to client questionnaires and RFPs on information security, compliance and data privacy related areas. Provide support and clarity to customers and users of the information and cyber-security policy framework answering related questions and challenges as they arise
- Interface and engage both management and other functions in organization on information security compliance related activities and processes
- Lead the effective publication of policy materials and documents Risk Management
- Maintain and manage ISMS related documents, reports, and artefacts
- Coordinates the issuance of access control and drive change management activities
- Manage vendor and third-party due diligence documentation
- Internal consultant for IT domain leads, administrators for security infrastructure, and assisting them to implement security devices configuration controls for firewalls, Internet connectivity, IPS and router etc.
Qualifications
- Certification ISO 27001
- 3+ years of experience in Compliance, Security, or IT Audit experience
- Total experience of 5-6 years
- Any graduate or masters degree in science, engineering or technology
- Knowledge in Project Management, IT Security Architecture Design
- Prior experience with managing other security compliance ISO 27001 & SOC1 & SOC2
ISO 27001 Lead Auditor Gap Assessment ISMS Consultant External Audits ISO 27001 Certification Policies Drafting Implementation Audit Activities Performing Risk Assessment
We are looking for ISMS Consultant with 4 to 6yrs of exp candidate for Mumbai location.
Job Title: ISMS Consultant
Exp: 4-6yrs
Location: Mumbai
Job Type: Permanent
No of Openings: 4
Please find the below mentioned JD for ISMS Consultant.
A. Job Responsibilities
1. 4 - 6 years experience in consulting organization.
2. ISO 27001 Lead Auditor Certified.
3. Understanding the clients business and prepare SOA.
4. Conducting Gap Assessment based on SOA.
5. Timely Reviewing existing policies procedure documents and actual practices and suggest improvements.
6. Drafting of new policies as and when required.
7. Performing risk assessment and propose risk treatment plans.
8. Coordination with different department and stakeholders on recommendations and evidence collection.
9. Training different Department heads and involved people.
10. Sharing updates and timely project status with management.
11. Making sure organizational governance is followed smoothly throughout different business functions within the organization.
12. Facing External Audits.
13. Hands on experience in Policies drafting, Implementation, Audit activities.

Compliance Officer

Vasta Bio-informatics Pvt. Ltd

  • 4 - 10 yrs
  • 10.0 Lac/Yr
  • Navi Mumbai
IT Audit IT Security Analyst IT Governance ISO 27001 Lead Auditor Internal Auditor SOC Risk Assessment Risk Management Compliance Officer
About us: We are headquartered in New York, USA committed to provide sustainable and scalable solutions towards clinical research and bioinformatics needs. Our team has a decade worth of experience in medical information management, especially in cancer research. Good data drives quality research and we recognize that today's research will shape the clinical practice guidelines of tomorrow. Our information technology and data management solutions can streamline and integrate research and patient care workflows to collect quality data and achieve research goals.
Job Title: Sr. Executive
Department: Risk & Compliance
Job Location: Navi Mumbai
Reporting to: Manager
Job Duties / Responsibilities:
- Performing daily random audits of computer systems to check the effectiveness of IT controls
- Conduct Compliance Induction for new joiners.
- Provide developmental training to staff within defined time line based on business needs.
- Maintain updated centralized master list for all compliance related functions.
- Periodic review and up gradation of all mandatory, essential, MR/ISM manual, and procedure documents
- Conduct Risk & Compliance awareness test to employees at 6-month interval
- Prepare and publish the Compliance awareness and Medicare assessment report
- Review audit checklists to improve effectiveness
- To monitor and ensure continual improvement on QMS/ISMS/SOC and other security audits
- Coordination with software team/other process owners on any requirements related to Security and Quality
- Coordinate and guide the stakeholders in reporting and closing Audit observations and incidents.
Education and Experience:
- Any graduate with good communication skills
- Overall IT experience of 4 to 8 years, with a minimum of 2 to 4 years in IT Security, Audit, or Compliance roles.
- Experience in handling SIEM tools, knowledge of ISO 27001 requirements, and Vulnerability assessments are a plus
- Certifications like ISO 27001, Security+, or any Security certification.
IT Audit ISO 27001 Lead Auditor
skills will be required
- Extensive experience with Information security and risk management
- Experience with IT (security) Architecture, design and engineering
- Practical understanding of, and experience with, Shell's IT infrastructure, architecture and technology solutions.
- Sound knowledge of IT Governance Risk & Control frameworks, specifically ISO27001, COBIT and risk methodologies (IRAM)
- Proven capability in managing IT security infrastructure risks.
- Knowledge of external Legal, Regulatory and industry best industry requirements, particularly Export Controls, PCI DSS and Data Privacy regulations
  • 7 - 13 yrs
  • 37.5 Lac/Yr
  • Bangalore
GRC Risk Management Risk Assessment ISO 27001 Lead Auditor Cyber Security
Security Risk & Control Consultant (SRCC)
The Security & Compliance (S&C) Competency Centre (CC) Lead is responsible for supporting the following:
Education
Graduate degree plus recognized information security certifications like CISSP, CCSP, SSCP, CRISC, GSEC, etc. are good to have
Project Review and Technical Advice
- Review all new high-risk projects; new technical designs; for Information risks and advise on suitable controls and mitigations at early stages of the program.
- Lead the S&C Analyst for specific technology and advice on the Information security for their projects.
- Offer advice to Shell and suppliers to assist in resolving questions and issues around how to manage risk
- Provide Subject Matter Expertise for projects and business stakeholders, in combination with the Improvement Program.
- Work with the architecture community to review new technology and architecture innovations.
Risk Management and Mitigation
- Assess and classify all potential business and infrastructure information risks.
- Execute, with suppliers, risk analyses on IT application/services.
- Develop and socialize our overall risk profile and action plans to mitigate risks
- Review and recommend approval project charters.
- Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Network & Systems
- Perform end to end Security Assessment on vendor offerings New/Leveraging existing (SAAS / PAAS/IAAS) services including integration with Shell environment.
- Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies.
- Support in development of tooling to support IRM processes and ensuring this is fit for purpose.
- Actively participate in S&C team and community meetings, representing S&C and Business interests in other CC forums.
- Support during Internal /External Audit

IT Auditor Consultant

COE Solution Consulting LLP

  • 3 - 7 yrs
  • Gurgaon
IT Audits ITGC and IT Risk Management ISO 27001 Lead Auditor SOX Compliance
The resources should have ITGC, IT Audit < IT Advisory experience within the financial services industry (or consulting experience working with financial services clients).
Area of focus: Provide IT Audit, ITGC, analysis, and technical writing to support the development of timely, accurate, and comprehensive responses to client and regulatory requests related to the firm's technology risk program.
Key Responsibilities: Direct, client-facing engagement responsibilities. Serving as both role model and trainer, demonstrates the attributes of excellent client service and assists team members in developing technical and professional competency. Identifies areas of IT risk and opportunities to improve IT business processes.
Desired Profile:
1. Experience in Information technology risk, IT audits, ITGC and IT Risk Management
2. Qualification BE, MBA (desirable) and Certifications (desirable) CISA, CISSP, PMP, ITIL, CEH, COBIT, ISO 27001
3. Experience in conducting Information technology assessment and Risk management in accordance with established standards such as ISO27001 etc.
4. Hands-on experience in the multiple areas of IT audits, SOX / ICFR / IFC / SAS 70 / SSAE / SOC, IT Financial Audit and Business Automated Controls, IT Risk consulting or any other regulatory / compliance audits.
5. Experience in delivering result oriented solutions to Senior Management and Boards of Directors. Risk assessment and other risk management consulting experience.
6. Experience with regulatory and compliance audits. Experience with creating Information Security Framework and its related policies and procedures.
7. Strong knowledge of ERP's like SAP / OFIN / JDE / etc and their native application controls. Knowledge of IT Security aspects towards key areas like Cloud Computing, Cyber Risks, Network Security, database management systems, SDLC, IT general controls (ITGC), COBIT, COSO 2013. Application functionality.

ISMS Lead Auditor

SQC Certification Services PVT. LTD.

  • 1 - 2 yrs
  • 3.3 Lac/Yr
  • Ghaziabad
ISO Coordinator ISO 27001 Lead Auditor Walk in
Job Openings for 2 27001 ISMS Lead Auditor Jobs with minimum 1 Year Experience in Ghaziabad, Uttar Pradesh having Educational qualification of: B.Tech/B.E, M.Tech with Good knowledge in ISO Coordinator, ISO 27001 Lead Auditor, etc.
  • 1 - 3 yrs
  • 4.3 Lac/Yr
  • Mahim Mumbai
Vulnerability Assessment Penetration Testing Vulnerability Management IT Audit ISO 27001 Lead Auditor Information Security Consulting
Conduct ISMS audit for clients. Develop and maintain audit checklist and documents. Maintain active communication with clients to manage expectations, ensure satisfaction, make sure deadlines are met, and lead change efforts effectively. Maintain and enhance audit work paper templates. Conduct frequent testing of simulated cyber-attacks to look for vulnerabilities in the computer systems and take care of these before an outside cyber-attack. Performing both internal and external security audits. Making an Audit Report for ISO 27001, 27701, 22301, PCI DSS, SOC 2 and submission to senior manager. Providing the pre-audit committee with the audit findings. Monitoring the implementation of audit recommendations.

IT Audit

COE Solution Consulting LLP

  • 3 - 7 yrs
  • Mumbai
IT Audits ITGC and IT Risk Management ISO 27001 Lead Auditor SOX Compliance
The resources should have ITGC, IT Audit < IT Advisory experience within the financial services industry (or consulting experience working with financial services clients).
Area of focus: Provide IT Audit, ITGC, analysis, and technical writing to support the development of timely, accurate, and comprehensive responses to client and regulatory requests related to the firm's technology risk program.
Key Responsibilities: Direct, client-facing engagement responsibilities. Serving as both role model and trainer, demonstrates the attributes of excellent client service and assists team members in developing technical and professional competency. Identifies areas of IT risk and opportunities to improve IT business processes.
Desired Profile:
1. Experience in Information technology risk, IT audits, ITGC and IT Risk Management
2. Qualification BE, MBA (desirable) and Certifications (desirable) CISA, CISSP, PMP, ITIL, CEH, COBIT, ISO 27001
3. Experience in conducting Information technology assessment and Risk management in accordance with established standards such as ISO27001 etc.
4. Hands-on experience in the multiple areas of IT audits, SOX / ICFR / IFC / SAS 70 / SSAE / SOC, IT Financial Audit and Business Automated Controls, IT Risk consulting or any other regulatory / compliance audits.
5. Experience in delivering result oriented solutions to Senior Management and Boards of Directors. Risk assessment and other risk management consulting experience.
6. Experience with regulatory and compliance audits. Experience with creating Information Security Framework and its related policies and procedures.
7. Strong knowledge of ERP's like SAP / OFIN / JDE / etc and their native application controls. Knowledge of IT Security aspects towards key areas like Cloud Computing, Cyber Risks, Network Security, database management systems, SDLC, IT general controls (ITGC), COBIT, COSO 2013. Application functionality.
  • 8 - 12 yrs
  • Bangalore
GRC Resource Infosec GRC Information Security Implementation Compliance Risk Management ISO 27001 CISSP ISO 27001 Lead Auditor ISO 27001 Lead Implementer GRC Implementation CISM ITGC CISA Cyber Security
We are looking for Infosec/GRC resource with 8-10 yrs of relevant work experience for Bangalore.
Role: Infosec/GRC Resource
Exp: 8-10yrs
Job Type: Contract
Location: Bangalore
Skill Set:
- 8-10 Years experience in Information Security, Compliance, Risk Management
- Expertise in Information Security implementation for ISO 27001 and other relevant standards such as SOX, (US role) - NIST 800-53, CMMC
- Preferred Certifications: CISSP, ISO 27001 Lead Auditor or Implementer
JD Summary: We are looking for people with Infosec skills experience, who have 7-10 year experience in GRC, GRC implementation, individuals with CISSP, CISM, CISA certifications. Additional important skills are Risk management, ITGC, ISO 27001.