Responsible for managing and supporting compliance with standards (ISO 27001, ISO 20000, ISO 22301, ISO 9001, PCI DSS, ISAE 3402 / SSAE 18) for business and technical functions.
Perform risk assessments for functions to identify, analyze and evaluate risks, prepare a risk treatment plan, and follow up in a timely manner on mitigation.
Maintain the risk register.
Perform and support internal and external audits from start to closure: release the audit report, follow up with functions on closure of findings, and maintain the audit register.
Facilitate customer audits and support customers with their compliance requirements.
Responsible for scheduling, coordinating, conducting and reporting on BCP and IT DR tests with the functions involved.
Documentation: develop new and review existing policies, processes, SOPs and guidelines in the approved templates, ensure the content is correct, and upload the documents to the portal.
Review MSAs/SoWs and the contractual requirements of customers and vendors, and advise on information security compliance.
Develop training and awareness material on information security and privacy, and deliver training to audiences at all levels.
Governance activities: physical and logical access reviews, review of technical reports, analysis of findings, and reporting.
Skills
Requirements
Must have basic technical knowledge of IT infrastructure (servers, network devices, applications, tools).
Knowledge of vulnerability assessment (VA) and security audit tools is desirable.
Must have knowledge and understanding of basic information security principles.
Must be aware of global standards such as ISO 27001, ISO 27017, ISO 27018, ISO 20000, ISO 22301, ISO 9001, PCI DSS, ISAE 3402 / SSAE 18.
Should preferably hold a certification such as Lead Implementer or Lead Auditor for ISO 27001, ISO 20000, ISO 9001, etc.
Understands and stays up to date with industry best practices, selectively promotes their adoption, and fosters a culture of speed, accountability and innovation.