ISO Auditor

Job Purpose and Key Responsibilities:

Manage a variety of projects within their organization, facilitating the planning and prioritization of complex cybersecurity services.

Primary Role & Responsibilities:

• Develop and implement comprehensive audit plans aligned with organisational risk assessments and relevant standards.
• Conduct audits of clients Information Security Management System (ISMS) based on ISO 27001, NIST, and other applicable standards to assess compliance and identify areas for continual improvement.
• Conduct independent and objective assessments of the ISMS, evaluating the design, implementation, and effectiveness of information security controls.
• Identify vulnerabilities, control weaknesses, and non-compliance issues through interviews, document reviews, testing procedures, and other established audit methodologies.
• Identify and assess the organisation's information security risks and develop audit reports detailing findings, recommendations, and corrective actions with recommended mitigation measures.
• Collaborate with stakeholders across various departments (IT, HR, Legal, etc.) to implement corrective actions effectively.
• Collaborate effectively with diverse client stakeholders to ensure alignment with Information Security Management policies, procedures, guidelines, and processes.
• Responsible for creating ISMS-related Documents/Checklists/Policies/SOPs, conducting ISMS Audits, and driving ISMS-related activities throughout all the locations.
• Support the organisation/clients in achieving and maintaining ISO 27001 certification.
• Designed policy framework based on ISO 27001, opening and closing of an audit meeting, and assisted with follow-up audits.
• Review and update ISMS audit methodologies and tools based on emerging threats, best practices, and organisational changes.
• Adhere to strict ethical standards and organizational information security policies when handling sensitive data obtained during the audit process.

Key Skills, Experience & Knowledge:

• Significant experience in ISO 27001/2 standards for consulting, collaboration, implementation & auditing is highly desirable.
• A strong understanding of information security frameworks like ISO 27001, NIST Cybersecurity Framework (CSF), GDPR, CIS or similar.
• Experience planning, preparing, and delivering internal and external audits, including Compliance Audits.
• Should have detailed experience and knowledge of Cyber/Information Security Governance, Risk Management, and Compliance.
• Knowledge of industry good practices and procedures, Information Security Management tools-methods-techniques-and their applications, ISMS specific documentation structures-hierarchy-and interrelationships, electronic and digital signatures, electronic evidence collection, etc.
• Strong Knowledge of Audit planning, Audit risks, Information Security Process Analysis, information security controls, risk assessment methodologies, vulnerability management principles and Internal Auditing of Information Security Management Systems.

Key Skills/Knowledge:

Personal Profile

• Demonstrates JLR Creators Code of behaviors, Customer Love, Unity, Integrity, Growth and Impact.
• Embracing people differences, being empathetic, welcoming challenges together empowering each other to deliver.
• Building trust by speaking openly and honestly, listening attentively, and treating others respectfully. Taking initiative and using failure as an opportunity to learn.
• A determined individual, highly driven, committed and results-orientated who works with pace, energy and confidence and a strong team player.
• An individual who is resilient, energetic and enthusiastic, responds constructively to new ideas and input in a changing business environment.