ISMS Auditor

Description

.

Responsibilities

• Conduct independent ISMS audits to assess cybersecurity maturity levels of organizations based on objective evidence and verification at client sites.
• Evaluate evidence as per cybersecurity audit checklists and determine performance scores.
• Review and assist in developing and implementing comprehensive information security audit and implementation plans aligned with organizational risk assessments and standards.
• Evaluate the design, implementation, and effectiveness of ISMS controls, ensuring compliance with relevant frameworks.
• Identify information security risks and improvement areas, and assist in the preparation of audit reports.
• Stay current with industry trends, regulations, and emerging threats through professional development and contribute to continuous improvement initiatives.
• Collaborate with cross-functional teams (IT, HR, Legal, etc.) to ensure compliance with information security policies and corrective actions.
• Present audit findings and recommendations to senior management and stakeholders, ensuring clarity and alignment.
• Review, customize, and deliver information security training and awareness programs when required.
• Support organizations in achieving and maintaining ISO 27001:2022 certification and other security compliance standards.
• Continuously refine ISMS audit methodologies and tools to align with evolving best practices.
• Ensure ethical conduct and adherence to information security policies when handling sensitive data.

Eligibility

Educational Qualifications :

• Post-graduate degree or Ph.D. in Technology, Engineering, Information or Cyber Security, Computer Science, or related fields.

Experience :

• Minimum 5+ years of practical experience in information security, risk management, or IT auditing, including at least five years in Information Security Audit functions.
• Proven experience with ISO 27001, NIST CSF, PCI-DSS, DPDPA, GDPR, ISA 62443, and Risk/Project Management frameworks.
• Experience conducting internal and external audits and implementing Information Security programs.
• Familiarity with Indian and international regulatory compliances — e.g., DPDPA, CERT-In, NCIIPC, RBI, SEBI, IRDA, SMLDI, CEA.
• Strong knowledge of ISMS documentation, information security processes, risk assessment, and control evaluation methodologies

  .

Desired Eligibility

• Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Project, Outlook).
• Strong written and verbal communication skills — ability to prepare detailed, clear, and concise audit reports.
• Familiarity with audit and project management tools and technologies.
• Excellent analytical, problem-solving, and stakeholder management abilities.
• Ability to work both independently and collaboratively in a dynamic environment.
• High attention to detail and commitment to meeting deadlines under pressure.
• Must possess CQI/IRCA or PECB-Certified ISO/IEC 27001:2022 Lead Auditor certification.

Additionally, one or more of the following certifications are mandatory:

• CISA, CISSP, CISM, CRISC, CCAK, ISO/IEC 27018, ISO/IEC 27701 Lead Auditor, PCI-DSS v4, ISO/IEC 31000:2018, NIST CSF, CQI/IRCA BCMS ISO 22301 Lead Auditor, ISO/IEC 27005:2022 Risk Manager (PECB/BSI), etc.

Travel

• As and when required, across the country for project execution and monitoring, as well as for coordination with geographically distributed teams.

Communication

• Submit a cover letter summarising your experience in relevant technologies and software, along with a resume and the Latest passport-size photograph.