Conduct audits based on various IT security compliance standards (such as ISO 27001, PCI DSS,
NIST SP 800-53, etc.) and support the organization in remediating the identified risks
Design policy framework based on ISO 27001:2013
Define controls as per the ISO 27002:2013/15 framework
Define controls as per the NIST SP 800-53 framework
Conduct ISMS audit for clients
Develop and maintain audit checklist and documents
Work closely with the VAPT team
Create and update the hardening checklist
Help clients upgrade from older standards, e.g. ISO 27001:2005 to ISO 27001:2013
Perform risk assessment and impact analysis
Map various compliance standards to each other
Experience and Qualifications
M.Tech or B.Tech / B.E./BCA in Computer Science or Information Technology
ISO 27001 Lead Auditor/Lead Implementer (Preferred)
Sound knowledge of IT Security and Infrastructure audits
Proven ability to conduct ISMS, RBI, NBFC, etc. audits independently
Must have audited a minimum of 3 clients / implemented for a minimum of 2 clients
Must possess basic knowledge of networking, different flavours of operating
systems, endpoint devices and security devices
Should be a self-learner and must keep herself updated with the latest threats and
vulnerabilities researched/discovered
Knowledge of business continuity frameworks and standards
Basic knowledge of different compliance standards such as PCI DSS, HIPAA, etc.
in addition to ISO 27001