Job Description:
ISO 27001 Lead Auditor, responsible for handling enterprise customers for GAP Analysis, Implementations and Certification Process.

Work experience: 5 - 10 Years

Key responsibilities:

1. Design policy framework based on ISO 27001:2013
2. Conduct ISMS audit for clients
3. Develop and maintain audit checklist and documents
4. Work closely with the VAPT team
5. Create and update the hardening checklist
6. Help client to upgrade from the old standards e.g. ISO 27001:2005 to ISO 27001:2013
7. Perform risk assessment and impact analysis
8. Conduct training sessions for clients and the internal team
9. Map various compliances with each- other
10. Provide independent, objective assessment to evaluate whether a client's management systems comply with ISO Standards
11. While on audits; assess client controls, identify control weaknesses and areas for process improvements
12. Provide detailed assessment reports following each client audit
13. Report all audit findings to the clients' management team and ensure that corrective action plans are implemented accordingly
14. Follow up on clients' technical requests in a timely manner
15. Be responsible for diary management and administration duties associated with the role

Skills Required:

1. Sound knowledge of IT Security and Infrastructure audits
2. Proven ability to conduct ISMS audit independently
3. Must have audited minimum 3 clients/ implemented minimum 2 clients
4. Must possess basic knowledge of networking, different flavours of operating system, endpoint devices and security devices
5. Should be a self-learner and must keep herself updated with latest threats and vulnerabilities researched/ discovered
6. Knowledge of business continuity framework and standards
7. Basic knowledge of different compliance standards such as PCI DSS, HIPAA, etc. in addition to ISO 27001
8. Excellent written and Verbal communication skill
9. Education Qualification
BCA/ B.tech/ Diploma
B.Sc- Computers
Certified ISO 27001 LA or ISO 27001 Lead Implementer (Mandatory)

2