Senior Manager - Infosec Audit

7 - 12 years

15 - 25 Lacs

Posted: 9 months ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description


Job Summary:

Information Security Lead Auditor

Key Responsibilities:

  1. Internal & External Audits:

    • Lead and conduct internal information security audits and assessments to ensure compliance with ISO 27001, PCI DSS, ITGC, and other relevant security frameworks.
    • Support external audit processes, including preparation for audits, liaison with auditors, and addressing findings to achieve timely closure of non-compliances.
    • Prepare clear, concise audit reports that summarize findings, assessments, and risk mitigation recommendations.
  2. Third-Party Vendor Risk Assessments:

    • Conduct thorough third-party vendor risk assessments to evaluate the security posture, compliance, and operational risks associated with external vendors.
    • Collaborate with procurement and vendor management teams to assess vendors' adherence to security standards (e.g., ISO 27001, PCI DSS, SOC reports).
  3. Compliance & Risk Management:

    • Ensure compliance with industry regulations (ISO 27001, PCI DSS, ITGC, GDPR, SOC, etc.) by conducting routine assessments and audits of internal processes, systems, and third-party vendors.
    • Track audit findings and work with stakeholders to ensure timely remediation of identified issues.
  4. Collaboration & Stakeholder Engagement:

    • Work closely with IT, Product, legal, HR and admin teams to ensure audits and risk assessments are thorough, accurate, and aligned with the organization’s goals.
    • Act as a trusted advisor to management on security-related issues, helping to strengthen the organization’s overall risk management strategy.
  5. Soft Skills:

    • Excellent communication skills, both written and verbal, with the ability to present audit findings and recommendations to both technical and non-technical audiences.
    • Strong analytical and problem-solving abilities.
    • Highly organized with the ability to manage multiple projects and deadlines.
    • Strong attention to detail and a proactive approach to identifying potential risks.