60 Iso27001 Jobs - Page 3

Job Summary We are seeking an experienced ISO27001 Consultant to lead and support our organization in achieving ISO27001 certification. This role will also contribute to SOX compliance, information security initiatives, general IT administration, and Azure cloud administration. The ideal candidate will possess a strong understanding of information security standards, regulatory compliance frameworks, and hands-on technical expertise in IT operations. Key Responsibilities: Lead and manage the end-to-end ISO27001 certification process. Develop and implement information security policies, procedures, and controls. Conduct internal audits and coordinate external audits for ISO27001 and SOX compliance. Support and guide the organization through SOX readiness and ongoing compliance. Perform risk assessments and security gap analyses; recommend corrective actions. Collaborate with cross-functional teams to enforce security and compliance practices. Maintain documentation and evidence required for audits and certifications. Administer IT systems including identity and access management, system configurations, and patch management. Provide Azure administration support, including resource provisioning, security configurations, and monitoring. Offer guidance and training to internal teams on security and compliance best practices

Lead and support IT compliance audits and assessments aligned with ISO 27001 and SOC 2 standards.Understanding of regulatory compliance standards, such as GDPR, HIPAA,PCI-DSS,or ISO27001.Understanding of cloud platforms (AWS, Azure, or Google Cloud)

Position Description Role Title: Senior Information Security Officer Current Reporting Manager: Head of Information Security Assurance Current Location: Gurgaon Position Purpose The Senior Information Security Officer is responsible for supporting the implementation and operation of the organisation's Information Security Management System (ISMS) within their region. This role will drive security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management. As a Managed Service Provider (MSP) and data processor for clients, the ISO will ensure that security controls align with client contractual obligations, regulatory requirements, and industry best practices. The ISO will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges. Main Activities The position is within the Information Security team. Main activities will include but are not limited to: Responsibility Area Internal Audit & Assurance: Oversee the implementation and operations of the ISMS within the region. Ensure and support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS. Continuously assess and improve security controls and processes. Information Security Risk Management Identify, assess, and mitigate security risks. Maintain the risk register and track remediation activities. Provide risk-based guidance to business units, IT teams, and client-facing operations. Information Security Policy & Standards Ensure compliance with corporate security policies, frameworks, and client-specific security mandates. Develop and enforce security standards and client requirements. Input into periodic reviews and updates to security policies to align with evolving requirements. Information Security Audit & Compliance Lead and support internal and external security audits, ensuring timely remediation of findings. Provide security assurance to clients by responding to security questionnaires and participating in client audits. Coordinate with service delivery teams to meet client-specific obligations. Monitor and report on security posture, client security commitments, and compliance status. Information Security Training & Awareness Develop, support deliver security awareness programs Support phishing exercises and other training initiatives to enhance security culture. Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training. Supply Chain Risk Management Assess and manage security risks associated with third-party vendors and suppliers. Ensure that security requirements are included in vendor contracts and SLAs. Perform regular security assessments of critical suppliers, considering the impact on client services. Security Operations & Incident Management Support Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation. Work with the Security Operations team to protect both internal and client environments. Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations. Qualifications and Experience Bachelor'S degree in Information Security, Computer Science, or related field (or equivalent experience). 5+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment. Strong understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks. Experience in security risk management, audits, compliance, and client security assurance. Knowledge of security operations, incident response, and managed security services. Familiarity with supply chain security and third-party risk management. Excellent communication and stakeholder management skills, with experience working with clients on security matters. Security certifications such as CISSP, CISM, or CRISC are preferred.

Role detail 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates Prior exp in IT Audit, SOC 1, SOC 2 Qualifications: Bachelors degree in computer science or related field Excellent communication and team collaboration skills

Governance: Develop, review, and update information security policies, procedures, and frameworks to align with industry best practices and regulatory requirements. Risk Management: Conduct comprehensive risk assessments, including identifying

Role & responsibilities About the role for Internal Candidates Perform 3rd-party audits and trainings according to ISO/IEC 27001, ISO 9001, ISO 20000-1, ISO 22301 & other IT specific standards/ frameworks Provide timely and accurate reviews of clients corrective action and closure Provide customers with timely, complete, and accurate reports of their current level of conformity / implementation of their management system Maintain schedule of audit activity with Management System clients Maintain appropriate auditor credentials and pursues advancement of those credentials and other related credentials as needed. Ensuring compliance with accreditation rules and other internal or external requirements. Ability to manage Key Customers. Supporting the sales team on technical aspects. Familiarity with use of digital tools Preferred candidate profile Bachelors degree in computer Science or equivalent & ideally a higher-level qualification Overall 8+ years experience , 5 Plus years Experience in IT /Management system Implementation / certification and Minimum 5 years of profound experience in the field of information security and External audits Great attitude, Analytical skills and communication skills. Preferred: ITIL Certified, CISA, CISM, CISSP, MCSE, MCSA and/or MBA Good understanding of relevant regulations and industry standards (e.g. ITIL Framework, FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA, HiTrust and GLBA), best practices and methodologies and the ability to apply these requirements to organizational internal control frameworks. Perks and benefits Flexible work arrangements for better work-life balance Generous Paid Leaves (Annual, Sick, Compassionate, Local Public, Marriage, Maternity, Paternity, Medical leave) Medical benefits ( Insurance and Annual Health Check-up) Pension and Insurance Policies (Group Term Life Insurance, Group Personal Accident Insurance, Travel Insurance) Training and Development Assistance (Training Sponsorship, On-The-Job Training, Training Programme) Additional Benefits (Long Service Awards, Mobile Phone Reimbursement) Company bonus/Profit share. *Benefits may vary based on position, tenure/contract/grade level* DNV is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without regard to gender, religion, race, national or ethnic origin, cultural background, social group, disability, sexual orientation, gender identity, marital status, age or political opinion. Diversity is fundamental to our culture and we invite you to be part of this diversity. If you are interested in this opportunity, we encourage you to submit your application promptly via the link provided below: https://jobs.dnv.com/job-search/business-assurance/auditor/bangalore-india-hyderabad-india-mumbai-india/lead-auditor-ict/300001120539090

L3 - Senior Consultant - Bengaluru Duties/Responsibilities: L3 As a Senior Consultant, you will be at the front lines with our users supporting them with their Cloud needs specifically helping them navigate the journey to the cloud on the Microsoft 365 platform. Job Description: (Knowledge, Skills, and Abilities) M365 Technologies - MUST have advanced troubleshooting and project implementation skills in 2 or more of the technologies below. Certifications highly preferred (ISO 27001 guidelines). If the candidate has a reasonably strong experience he must complete it within 2 months. Recent learning and certification should be alligned with the future technologies. M365 AzureAD M365 Exchange Online or MDOP 2 M365 InTune - Device Management and Application Management lifecycle, M365 Defender suite (Office 365,EndPoint, Exchange, CloudApps) Microsoft Identify AzureAD, conditional access, integrations SAML Microsoft VDI or DaaS (Microsoft 365, Microsoft Cloud PC) Scripting - powershell, KQL Windows 365 Operating systems and Hardware Microsoft Security and Compliance Team player with experience communication with US users - excellent communication skills Good to have worked in night shifts in the recent future (this is a different genre of people many will find it difficult) Optional.. Must Have InTune - 30% (Patching apps, scripts, automation -AutoPilot, troubleshoot logs) Defender suite - 20% (email, teams, sharepoint, CoPilot, addressing policies and troubleshooting ) Vendor management - 10% (collaborating with MS, HP, Dell, Lenovo, Managed service providers like Microsoft) Security and Compliance products in M365 - 30% (Adanced M365 security features AzureAD, Experience in delivering in SLA environments- 10% Awareness and having worked in ISO 27001 or SOC2 companies - 10% Must work in an IT department with 500+ users or more and be able to mentor juniors in the team. Good to Have Compliance - ISO 27001 or SOC 2 (should have experience working in these environments) Network --> FortiGate UTM (Firewall, IDS, IPS, Web Application Filter) Server Operating systems --> Windows Server 2022, Ubuntu, HyperV Hardware - Laptops, Server and Network Equipment Additional Requirements: Must be willing working in rotational shifts India/US (EST) hrs. BA/BS degree required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology. Certification Certification - M365 Admin certifications in the above technologies are preferred. Must be constantly upgrading/learning new technologies . ******************************************************************************************* If interested with this opportunity, Kindly - do share your updated Resume along with below required details to devaraj.v@valuepointsystems.com OR WhatsApp to 8867682884 Notice Period: Total Experience: Relevant Experience: Current Location: Preferred Location: Current CTC: Expected CTC:

Responsibilities Manage a team of senior Networking and Security personnel. Serves as the subject matter expert (SME) on Cloud networking and security, having previously worked in a senior technical network or security role. Help deliver and manage projects that apply the companys security policies and standards for use in cloud environments. Communicate security concepts to different audiences ranging from business leaders to engineers, as well as customers. Serve as a key subject matter expect in security and networking topics and support delivery of core services from a network security perspective. Mentor and influence team members in implementing and delivering projects and performing ongoing security and network monitoring. Help design security frameworks and effective solutions for vulnerability remediation. Develops standards, policies, and procedures as well as best practices documentation. Able to translate technical requirements into business requirements. Assist team members to update their security and networking skills and knowledge. Collaborate with other IT teams, developers, and business stakeholders to ensure alignment on network and security requirements. Stay up-to-date with the latest cloud networking and security trends and technologies. Develop and execute security roadmaps and initiatives. Drive change and improvements in security delivery of our Cloud security services. Education / Qualifications A university qualification of Bachelor's degree level in Engineering/IT, or a related field. Skills Required: Strong experience in a Security and networking leadership role (5 years+ in a management role combined with previous experience working at a senior technical level for 5 years+ in network/security role). Extensive security management experience in an environment leveraging Azure and/or AWS public cloud platforms. Strong Application, Networking, Cloud Security knowledge and experience. Previous experience working in environments that leverage public Cloud. Extremely knowledgeable in security and networking technical matters. Experience of compliance standards, including ISO27001 and/or SOC2. Familiarity with directives such as GDPR and NIS2/DORA. Experience of team management and interview protocols. Strong understanding of penetration testing and vulnerability assessments. Experience with project management and security project delivery. Solid understanding of application development and SDLC. Security certifications a strong plus (eg CISSP). Fluent English speaker. Desired technical skills or knowledge areas: Expertise in Azure and AWS networking and security services. Proficiency in network protocols and technologies (e.g., TCP/IP, DNS, VPN, routing). Knowledge of security frameworks and standards (e.g., NIST, CIS). Experience with SIEM, IDS/IPS, and vulnerability management tools. Strong practical experience with Fortinet security solutions (FortiGate, FortiAnalyzer, etc.). Proficiency in using Rapid7 security tools (Insight IDR VM) for vulnerability management and forensic investigation. Experience with tooling used for malware analysis and threat prevention. Experience with ManageEngine suite of products, especially PAM360 and Patch Manager Plus. Scripting and automation knowledge (e.g., Python, PowerShell, Terraform).

Job Summary : We are seeking a highly skilled Compliance Specialist with 4-7 years of experience to join our team. The ideal candidate will have a strong understanding of IT environments, risk assessment, and auditing methodologies, along with expertise in regulatory compliance standards such as SOX, ISO27001, HIPAA, GDPR, UK CE+, and NIST. Prior experience with Big 4 firms is highly desirable. Key Responsibilities : Risk and Compliance Assessments : - Conduct assessments to evaluate the design and operational effectiveness of policies, standards, and control frameworks. - Coordinate with process owners and subject matter experts to collect, review, and present artifacts supporting compliance with internal security policies and applicable regulations. Policy and Remediation Support : - Identify common compliance issues and provide solutions to ensure adherence to security policies. - Collaborate with IT and business teams to implement remediations that achieve compliance with information security policies. Automation Initiatives : - Support and manage automation initiatives, including coordination with cross-functional teams to define requirements, gather data, and test designed solutions. - Experience in Robotic Process Automation (RPA) is desirable. Communication and Presentation : - Clearly and concisely present information in a manner that promotes understanding, both in writing and verbally. - Interact professionally with diverse groups and adapt communication to suit various stakeholders. Research and Continuous Improvement : - Conduct research on unfamiliar topics to ensure compliance and knowledge enhancement. - Drive continuous improvement by evolving team processes and incorporating feedback. Global Collaboration : Flexibility to attend meetings across various time zones, including US and Europe. Qualifications and Skills : Educational Background : Bachelor's degree in a relevant field such as Information Security, Risk Management, or IT. Experience : - 4-7 years of audit or compliance experience. - Big 4 experience preferred. Technical Knowledge : - Strong understanding of IT environments, risk assessment, and auditing methodologies. - Familiarity with regulatory frameworks : SOX, ISO27001, HIPAA, GDPR, UK CE+, and NIST. - Experience with RPA is a plus. Communication Skills : - Excellent verbal and written communication skills. - Ability to present information effectively to various audiences. Analytical Skills : - Ability and willingness to research and solve complex compliance challenges. - Interpersonal Skills : Active listener with the ability to guide teams effectively. Hybrid (Primarily Remote, however team is expected to come to office in Delhi/Gurgaon), Mumbai, Delhi / NCR, Bengaluru , Kolkata, Chennai, Hyderabad, Ahmedabad, Pune.

Corporate IT Security and Governance, exp. in Information Security, ISO 27001 Implementation , Documentation. risk assessment , 2nd Line of Defense , Control Review, Control Testing, ITGC controls. ,corporate policies and procedures, GAP Analysis,