Posted: 22 hours ago
Platform:
On-site
Contractual
About Darwinbox:

We’re designing the future of work by building the world's best HR tech, driven by a fierce focus on employee experience, customer success, and continuous, iterative innovation. Founded in 2015, we now serve over 2.5 million employees in 750+ enterprises, and that includes massive conglomerates to unicorn start-ups, like MakeMyTrip, JSW, Vedanta, Mahindra, Kotak, plus leading global brands like Nivea, Starbucks, Sephora, AXA, Cigna, T-Systems, and Calvin Klein. We’re backed by marquee investors like TCV, Salesforce, Sequoia, Lightspeed Ventures, Microsoft, and many others, which have put us on the pedestal of Unicorn valuation in the year 2022. But most importantly, we’re growing at a phenomenal pace, and that means exponential growth and learning opportunities for you, plus a band of passionate and fun people to work with within a place where your ideas take precedence over your designation.

Why Join Us?

The rate at which our product and market presence are growing is unprecedented. We’re a Rocketship. We’re not planning on slowing down anytime soon. And that’s why we need you! You’ll experience a culture of:

- Disproportionate Rewards for top performance
- Accelerated Growth in a hyper-growth environment
- Wellbeing First culture focused on employee care
- Continuous Learning and Professional Development
- Meaningful Relationships and a Collaborative Environment

Role Overview:

We are seeking a detail-oriented and proactive Information Security Compliance Analyst (contractor) with 2–3 years of relevant experience. The ideal candidate will have a strong understanding of ISMS audits, Corrective Action Plan (CAP) closure, audit processes and terminology, third-party risk assessments, and deep familiarity with ISO 27001:2013 and ISO 27001:2022 standards. The candidate must be capable of conducting independent audits and demonstrate hands-on experience in audit execution. Basic knowledge of cloud technologies and backup processes is essential.

Responsibilities:

- Plan, execute, and report on ISMS audits, ensuring compliance with ISO 27001:2013 and ISO 27001:2022 standards.
- Independently conduct internal and external audits, including fieldwork, documentation, and wrap-up activities.
- Track and ensure closure of Corrective Action Plans (CAP) and audit findings.
- Perform and document third-party risk assessments, collaborating with stakeholders to mitigate identified risks.
- Maintain and update ISMS documentation, policies, and procedures as per regulatory and organizational requirements.
- Support audit preparation, evidence collection, and response to client security questionnaires.
- Assist in monitoring compliance metrics and identifying areas for improvement.
- Apply audit terminology and best practices to evaluate the effectiveness of IT security controls, policies, and procedures.
- Ensure basic compliance and security controls for cloud infrastructure and backup processes are in place and effective.

Requirements:

- Bachelor's degree in Information Security, Computer Science, or a related field (preferred but not mandatory).
- 2–3 years of hands-on experience in information security compliance, audit, or risk management.
- Strong understanding of ISMS audits, audit terminology, and CAP closure processes.
- In-depth knowledge of ISO 27001:2013 and ISO 27001:2022 standards (mandatory).
- Experience conducting independent audits and preparing audit reports.
- Exposure to third-party risk assessments and vendor security evaluations.
- Basic knowledge of cloud computing concepts and backup technologies.
- Excellent written and verbal communication skills.
- Strong analytical, investigative, and problem-solving abilities.
- Ability to work independently and manage multiple priorities.

Preferred Qualifications:

- Professional certifications such as ISO 27001 Lead Auditor, CISA, CISM, or similar (preferred but not mandatory).
- Experience with compliance frameworks beyond ISO 27001 (e.g., SOC 2, NIST, PCI DSS) is an advantage.
- Familiarity with audit tools, GRC platforms, or compliance management software.

Note: Only candidates with proven experience in audit and compliance, and a strong understanding of ISO 27001:2013/2022, will be considered. Basic cloud and backup knowledge is a must.
Darwinbox