Posted: 11 hours ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

Key responsibilities:

  • Develop and implement comprehensive audit plans aligned with organisational risk assessments and relevant standards.
  • Conduct audits of clients' Information Security Management System (ISMS) based on ISO 27001, NIST, and other applicable standards to assess compliance and identify areas for continual improvement.
  • Conduct independent and objective assessments of the ISMS, evaluating the design, implementation, and effectiveness of information security controls.
  • Identify vulnerabilities, control weaknesses, and non-compliance issues through interviews, document reviews, testing procedures, and other established audit methodologies.
  • Identify and assess the organisation's information security risks and develop audit reports detailing findings, recommendations, and corrective actions with recommended mitigation measures.
  • Collaborate with stakeholders across various departments (IT, HR, Legal, etc.) to implement corrective actions effectively.
  • Collaborate effectively with diverse client stakeholders to ensure alignment with Information Security Management policies, procedures, guidelines, and processes.
  • Responsible for creating ISMS-related Documents/Checklists/Policies/SOPs, conducting ISMS Audits, and driving ISMS-related activities throughout all the locations.
  • Support the organisation/clients in achieving and maintaining ISO 27001 certification.
  • Design policy frameworks based on ISO 27001, open and close audit meetings, and assist with follow-up audits.
  • Review and update ISMS audit methodologies and tools based on emerging threats, best practices, and organisational changes.
  • Adhere to strict ethical standards and organizational information security policies when handling sensitive data obtained during the audit process.

Key skills/knowledge/experience:

  • Significant experience in ISO 27001/2 standards for consulting, collaboration, implementation & auditing is highly desirable.
  • A strong understanding of information security frameworks like ISO 27001, NIST Cybersecurity Framework (CSF), GDPR, CIS or similar.
  • Experience planning, preparing, and delivering internal and external audits, including Compliance Audits.
  • Should have detailed experience and knowledge of Cyber/Information Security Governance, Risk Management, and Compliance.
  • Knowledge of industry good practices and procedures; Information Security Management tools, methods, and techniques and their applications; ISMS-specific documentation structures, hierarchy, and interrelationships; electronic and digital signatures; electronic evidence collection, etc.
  • Strong knowledge of audit planning, audit risks, information security process analysis, information security controls, risk assessment methodologies, vulnerability management principles, and internal auditing of Information Security Management Systems.
