Job Description

3 - 5 Years
1 Opening
Bangalore

Role description

Internal Auditor - ISO 27001

Location:

Bengaluru (On-site/Hybrid based on project need)

Experience Range:

4 to 6 Years

Job Type:

Full-Time

Role Proficiency

Analyze stakeholder needs and ensure compliance with ISO 27001 and internal security policies. Support business analysis tasks with a focus on information security, audit planning, and risk assessment. Act as an internal control specialist, contributing to audits, risk assessments, and business continuity plans.

Key Responsibilities

Audit & Compliance

Conduct internal and vendor audits to verify compliance with ISO 27001 standards. Collaborate with ISMS champions to enforce security policies and procedures. Prepare for and participate in external audits for ISO certifications. Review and maintain up-to-date documentation related to ISO 27001 and other standards. Ensure documentation readiness for audits and compliance checks.

Risk Management

Conduct risk assessments for business processes, third-party applications, and systems. Facilitate Business Impact Analysis (BIA) and Risk Assessments. Support the development and execution of the Business Continuity Plan (BCP). Identify and document security risks, controls, and mitigation plans.

Stakeholder Engagement

Interface with business stakeholders, explain technical vulnerabilities in simple terms. Coordinate with teams across functions to enforce ISMS and compliance activities. Document and present risk management activities to senior management. Manage internal communications through email, reports, and presentations.

Process & Documentation

Maintain and review policies, SOPs, process flows, and compliance reports. Develop and update presentations to report risk management activities to leadership. Contribute to improvement of audit and compliance processes. Ensure effective use of BA tools, templates, and communication artifacts.

Must Have Skills

Risk Management and Risk Assessment

ISO 27001 Auditing and Compliance

Internal and Vendor Audits

Business Continuity Planning (BCP)

Business Impact Analysis (BIA)

Stakeholder Management and Communication

Cybersecurity / Information Security Standards (ISO 27001, NIST CSF)

Excellent documentation, presentation, and reporting skills

Good to Have Skills

Familiarity with vulnerability management and technical risk analysis. Understanding of third-party risk and vendor assessments. Use of tools for audit tracking and documentation (e.g., GRC tools). Knowledge of data privacy regulations (e.g., GDPR, HIPAA). Exposure to cloud security and application security fundamentals.

Educational Qualifications

B.E. / B.Tech. / MCA / MBA

with specialization in

Information Security

Certifications (Mandatory)

ISO 27001 Lead Auditor Certification

About the Role

You will be part of the Risk & Compliance team responsible for conducting audits, managing information security risks, and ensuring adherence to ISO 27001 standards. You will collaborate with multiple stakeholders, manage documentation, and support audit readiness throughout the year.

Soft Skills

Strong analytical and problem-solving skills Excellent time and task management Ability to convey complex technical concepts to non-technical audiences High attention to detail and proactive communication

Skills

Risk Management,Risk assesment,Compliance,Audit planning, Internal audit, Auditing

About UST

UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world's best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients' organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact--touching billions of lives in the process.