Job Description

About the Role



We are seeking a detail-oriented and proactive



Information Security Auditor



to join our team. The role involves conducting information security audits and related activities for internal & external stakeholders, including vendors, dealers, and technology partners. It also encompasses activities to ensure organization's compliance with information security standards, conducting internal audits, and supporting the ISO 27001 recertification process. The ideal candidate will play a crucial role in ensuring compliance with information security standards, identifying risks, and recommending actionable improvements.



Key Responsibilities

Information Security Audits:

Plan, execute, and document information security audits within company across all verticals and for external stakeholders, including vendors, dealers, and technology partners. Assess compliance with relevant information security policies, standards, and frameworks (e.g., ISO 27001, NCRF, NIST, GDPR, JAMA-JAPIA Guidelines etc.).

ISO 27001 Compliance and Recertification:

Lead and coordinate the company's ISO 27001 recertification audit process with third-party auditors.



Ensure compliance with ISO 27001 standards and maintain required documentation.



Collaborate with internal stakeholders to address audit findings and implement corrective actions.

Risk Assessment and Mitigation:

Evaluate third-party risks and recommend practical measures to mitigate identified risks. Collaborate with stakeholders to ensure the implementation of corrective actions and improvements.

Policy and Compliance Monitoring:

Ensure that stakeholders adhere to organizational information security policies and regulatory requirements. Assist in the development, review, and improvement of information security policies, procedures, and guidelines.

Stakeholder Engagement:

Serve as the primary point of contact for external stakeholders during audits. Communicate audit findings and recommendations effectively through detailed reports and presentations.

Continuous Improvement:

Stay updated on emerging information security threats, technologies, and industry trends. Contribute to the enhancement of the organization's information security framework and processes.

Qualifications and Skills

Education:

Bachelor's degree in information technology, Computer Science, Cybersecurity, or a related field.

Work Experience:

3-5 years of experience in information security auditing, IT risk management, or a related field.



Hands-on experience with third-party/vendor audits is highly desirable.

Certifications (Preferred):

ISO 27001 Lead Auditor/Implementer



CISSP (Certified Information Systems Security Professional) / CISA (Certified Information Systems Auditor) / CRISC (Certified in Risk and Information Systems Control) or similar

Technical Skills:

Strong knowledge of information security frameworks and standards (e.g., ISO 27001, NCRF etc.).



Familiarity with IT systems, networks, and security controls.



Proficiency in using auditing tools and techniques.

Soft Skills:

Excellent communication and interpersonal skills to interact with external stakeholders.



Strong analytical and problem-solving abilities.



Attention to detail and ability to work independently.



Strong organizational and time management skills.