Information Security Auditor - Kota - Asteya Technologies

    Asteya Technologies
    Asteya Technologies Kota

    1 day ago

    ₹600,000 - ₹2,000,000 (INR) per year *
    Description

    Job Title: Information Security Auditor

    Location: Onsite / Hybrid / Remote

    Experience Required: 5 to 8 Years 

    Employment Type: Full-time

    About the Role

    We are seeking an experienced Information Security Auditor to evaluate, assess, and strengthen organizational security controls across multiple compliance frameworks including NIST, ISO 27001:2022, SOC 2, CMMC, and PCI DSS. The candidate will lead risk assessments, audit engagements, security governance reviews, and continuous compliance initiatives, ensuring robust security posture and regulatory adherence.

    Key Responsibilities

    • Plan, execute, and report information security audits across multiple standards and regulatory frameworks.
    • Perform gap assessments, risk analysis, control testing, and compliance readiness reviews against:
        • ISO/IEC 27001:2022
        • NIST CSF / NIST 800-series
        • SOC 2 Type I & II
        • CMMC Levels
        • PCI DSS
    • Evaluate effectiveness of security controls, governance processes, policies, and procedures.
    • Lead internal audits, vendor risk audits, and customer security assurance assessments.
    • Develop and maintain Information Security Management System (ISMS) compliance documentation.
    • Provide audit findings, remediation guidance, and improvement roadmaps to stakeholders.
    • Support certification audits with external assessors.
    • Drive continuous improvement initiatives aligned with risk management and compliance objectives.
    • Work closely with IT, Cybersecurity, Risk, Legal, and Leadership teams.
    • Maintain strong knowledge of evolving industry regulatory requirements and best practices.

    Required Skills & Qualifications

    • Bachelor's degree in Information Security, Computer Science, Engineering, Risk Management, or related field.
    • Hands-on experience auditing and implementing:
        • ISO 27001:2022 controls & certification lifecycle
        • NIST cybersecurity frameworks
        • SOC 2 Trust Services Criteria
        • CMMC compliance
        • PCI DSS security controls and audits
    • Strong understanding of:
        • Risk Management Methodologies
        • IT General Controls (ITGC)
        • Governance, Risk & Compliance (GRC) tools
        • Cloud security controls (AWS/Azure/GCP preferred)
    • Excellent analytical, reporting, and communication skills.
    • Ability to conduct independent audits and present findings to senior leadership.

    Certifications (Mandatory)

    Must hold an active certification from ISACA (International Information Systems Audit and Control Association) such as:

    • CISA – Certified Information Systems Auditor (preferred)
    • Or CISM / CRISC / CGEIT with strong auditing exposure

    Additional beneficial certifications:

    • ISO 27001 Lead Auditor / Implementer
    • PCI QSA (if applicable)
    • CISSP, CEH, or similar cybersecurity credentials

    Key Attributes

    • Strong attention to detail
    • Ethical, confidential handling of sensitive information
    • Ability to work independently and collaboratively
    • Strong stakeholder management and leadership capability
    * This salary range is an estimation made by beBee