Internal ISMA Auditor - Mumbai, India - GM INFOTECH

Description

• Conduct audits of Information Security Management System (ISMS) based on ISO 27001:2022, NIST, GDPR, ITGC & IEC62443 standards to assess compliance and identify areas for improvement.
• Conduct independent and objective assessments of the ISMS, evaluating the design, implementation, and effectiveness of information security controls.
• Identify vulnerabilities, control weaknesses, and noncompliance issues through interviews, document reviews, testing procedures, and other established audit methodologies.
• Identify and assess the organization's information security risks and develop audit reports detailing findings, recommendations, and corrective actions with recommended mitigation measures.""
• Stay updated with industry trends, standards, and regulations related to information security through professional development activities and participate in information security continuous improvement initiatives to enhance the effectiveness of the ISMS.""
• Collaborate with stakeholders across various departments (IT, HR, Legal) to implement corrective actions effectively.
• Explain audit findings and recommendations to management and relevant parties, ensuring understanding and buyin for proposed actions.""
• Collaborate effectively with diverse client stakeholders to ensure alignment with Information Security Management policies, procedures, guidelines, and processes.""
• Responsible for creating ISMSrelated Documents/Checklists/Policies/SOPs, conducting ISMS Audits, and driving ISMSrelated activities throughout all the locations.""
• Review and customize cyber security training and awareness materials when needed and conduct training on specific programs for clients as determined by the ISMS Manager.""
• Support the organization in achieving and maintaining ISO certification.
• Designed policy framework based on ISO, opened and closed an audit meeting, and assisted with followup audits.
• Review and update audit methodologies and tools based on emerging threats, best practices, and organizational changes.
• Adhere to strict ethical standards and organizational information security policies when handling sensitive data obtained during the audit process."""

• A bachelor's degree in technology or engineering, Information or Cyber Security, Computer Science, BCA/MCA, or a related field is typically required.

Minimum 2-4 years' experience in information security, risk management, or IT auditing, of which two years in a role or function related to Information Security Audit.

• Significant experience in ISO 27001/2 standards for consulting, collaboration, implementation & auditing is highly desirable.
• A strong understanding of information security frameworks like ISO 27001, NIST Cybersecurity Framework (CSF), GDPR, CIS, IEC 62443 or similar.""
• Experience planning, preparing, and delivering internal and external audits, including Compliance Audits.
• Should have detailed experience and knowledge of Cyber/Information Security Governance, Risk Management, and Compliance.
• Experience with regulatory compliance DPDP, CERT-In, NCIIPC, RBI, SEBI, IRDA.
• Knowledge of information security controls, risk assessment methodologies, and vulnerability management principles.
• Proficient in MS Office applications such as Microsoft Office (Word, Excel, PowerPoint & Outlook)
• Proficient in writing clear, concise audit reports with effective communication skills for technical & nontechnical audiences.
• Proficiency in using relevant audit tools and technologies.
• Ability to work under pressure, meet deadlines, and maintain a positive attitude.
• Strong interpersonal skills and ability to work independently or in a team."