Role Responsibilities
- Plan, schedule, and execute internal audits across departments (HR, Admin, IT, NOC, BPO processes, facilities, etc.).
- Conduct process audits to ensure compliance with internal policies, ISMS framework, and client contractual requirements.
- Evaluate compliance with standards such as ISO 27001, SOC 2, and ISO 22301 (BCMS), as applicable.
- Identify risks, gaps, and control weaknesses; provide actionable recommendations and track closures.
- Support external certification and surveillance audits by preparing documentation, evidence, and audit trails.
- Collaborate with cross-functional teams to ensure building security controls, physical access management, and people-related security measures are effectively implemented and monitored.
- Maintain and update risk registers, audit checklists, and compliance trackers.
- Drive awareness sessions and training on audit readiness and information security processes.
- Report audit findings, risk posture, and compliance status to management with improvement plans.
Key Skills
- Basic understanding of Information Security principles and ISO 27001 framework.
- Knowledge of Risk Management frameworks.
- Good understanding of IT and operational processes to assess risks accurately.
- Good people skills, including the ability to present to senior management and convey key messages.
Qualifications & Experience
- Bachelor’s degree.
- ISO 27001 Lead Auditor or Lead Implementer certification is preferred.
- 5–7 years of experience in information security compliance, audits, or governance roles.
- Experience handling external certification audits and customer compliance assessments.