Manage information security to build a strong internal and external audit structure, raise awareness of international standards for security and quality, and implement and manage certifications and compliance programmes including but not restricted to ISO 27001, GDPR and ISO 9001 (good to have)
Position Objectives and Expectations
Help implement and sustain certifications including but not restricted to ISO 27001 and ISO 9001
Create awareness of the international standards for information security (ISO 27001) and quality (ISO 9001), and of GDPR
Build a strong team of internal auditors to audit processes against the above standards on a periodic basis.
Be responsible for planning and scheduling audits at regular intervals.
Based on the audit results, analyse trends and initiate corrective and preventive actions at an organizational level to minimize repeat non-conformities.
Coordinate with process owners to ensure that all non-conformities against the standards are closed, by facilitating root cause analysis and corrective and preventive actions that eliminate the root causes.
Put a robust escalation system in place to highlight non-conformities not closed within the stipulated time frame.
Conduct periodic management reviews to report audit findings to the leadership.
Respond to customer RFPs and queries from internal, external or prospective clients pertaining to ISO standards
Arrange vulnerability assessment and penetration testing (VAPT) through an external vendor for all locations globally, and ensure timely closure of all VAPT findings by coordinating with the vendor and internal stakeholders
Recommend ways to improve the organization's compliance with the standards and so demonstrate continual improvement
Maintain and control the ISO documentation
Assist the delivery center in developing process plans and standard operating procedures
Run awareness programmes on the ISO standards for all associates and guide teams in meeting compliance requirements
Be responsible for implementing and executing ISO requirements across the organization
Take overall responsibility for driving the information security management system (ISMS) within the organization
Conduct regular reviews of the state of the ISMS with members of the Information Security Forum (ISF)
Actively participate in any information security program of the organization
Unconditionally cooperate in any information security incident investigation
Personal Success Characteristics
Lead auditor for ISO 27001 and GDPR; additional exposure to ISO 20252 and ISO 9001 is preferred
Good English verbal and written communication skills.
Knowledge of MS Word, Excel and PowerPoint
Basic working knowledge of networking and Windows operating systems
Familiarity with VLAN and firewall security
Knowledge and experience of managing VAPT for an organization
Familiarity with reviewing logs, systems and networks
Good time management skills
Change management skills
Strong analytical mind
Eye for detail
Positive attitude
Proactive approach to problem solving
Previous Experience Requirements
Extensive auditing experience against the ISO 27001 and ISO 9001 standards
Must be a certified lead auditor for ISO 27001; certification in ISO 9001 and GDPR will be an added advantage.
5-9 years' work experience
Graduate or above
Lead auditor certification in ISO 27001
Lead auditor certification in ISO 9001 and ISO 20252 will be an added advantage
Network certification: CCNA (Cisco Certified Network Associate)
MCSA / MCP (Microsoft Certified Solutions Associate / Microsoft Certified Professional)
Salary: ₹ 8,00,000 - 12,00,000 P.A.
Industry: Healthcare & Medicine