Lead Auditor - ISO 9001


URL to apply: https://in.indeed.com/jobs?q=iso%2027001&l&vjk=f6643bb00577aa95

GelaroGrace Studio - Noida, Uttar Pradesh

₹50,000 a month

We are looking for a qualified lead auditor to perform certification audits for the following standards: ISO 27001:2013, 27002:2013 & MPA (Motion Picture Association) Certification. The Information Security and Risk role provides direct oversight of the Information Technology security and risk program. He/She is directly responsible for the day-to-day management of the program and its ongoing maturity. This includes policy development, information security training, incident management, vendor onboarding, and the overall security posture and IT control environment for the enterprise. The Information Security and Risk Leader supports the Information Security Officer, Privacy Officer and Chief Compliance Officer.

Job Responsibilities

1. Reporting to the MD, this role will drive the development, implementation and monitoring of a comprehensive enterprise information security and IT risk management program.

2. Development and completion (and ongoing update) of an effective audit strategy and plan (including budgets) that provides thorough, risk-based coverage for addressing cyber and governance corporate-wide as it relates to technology-related operational risks.

3. Effectively reviewing and challenging first and second line cyber and information security assessments; engaging, building and managing relationships with the CISO, IT and Top Management.

4. Leads teams of IT Security and risk professionals in support of organizational risk goals and objectives to drive clarity as to potential areas of material technology risk.

5. Lead the identification, reporting and response to information security risk.

6. Develop process measurement and improve the effectiveness of the overall information security program.

7. Coordinates and participates in audits, vulnerability testing, and compliance reviews representing information technology functions in support of security, audit and risk needs.

8. Review, analyze and make recommendations regarding the design and implementation of the operational risk management framework as applicable and required for technology risk.

9. Stays current in technology-specific operational risk management techniques, industry best practices, and regulatory requirements.

10. Develops methodologies and practices to refine the technology risk framework that drives risk-aware, transparent decision making.

11. Matures the risk-based metrics, scorecards and dashboards to track performance as well as identify and monitor trends across the organization.

12. Prepares risk analysis documentation and participates with coordinated reporting as requested.

13. Prepares IT-related business continuity and disaster recovery documentation and participates with coordinated reporting as requested.

14. Provide oversight of the vendor onboarding process and vendor security posture assessment.

15. Acts as a liaison for the department, maintaining effective and professional relationships with information technology, information security, Purchasing, Contracting, Business Continuity.

16. Ability to translate security concerns into business context and articulate them to executives, while weighing business needs against security concerns in the decision-making process.

17. Attend audits and explain network security to auditors.

18. Review RFPs and respond to every requirement based on solution capabilities and fitment to project requirements.

19. Ensure audits are cleared from the regulation perspective.

20. Try to lower the levels of non-compliance identified in the audit assessments.

21. Work with internal teams to ensure that compliance with the ISMS frameworks and regulations applicable to GG is achieved in a timely manner.

22. Establish a governance process and drive compliance programs.

23. Help standardize compliance templates by influencing customers' auditors.

24. Identify possibilities of automating audits.

25. Responsible for assessing information risk and facilitating remediation of identified vulnerabilities for IT Security and IT risk across the enterprise.

26. Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios.

27. Evaluates the organization to ensure compliance with standards and relevance with industry security norms.

28. Research, analyse and identify potential vulnerabilities and security deficiencies in the company's information systems.

29. Monitors performance of risk remediation tasks and changes related to risk mitigation, and reports on findings.

30. Plan and prepare our network for periodic audits by customers and regulatory bodies and ensure compliance with guidelines.

31. Analyze results and deploy remediation for security audits and penetration testing.

32. Explain non-compliance and other findings to the Management.

33. Prepare and submit required reports in a timely manner.

Thanks & Regards,

Human Resource Department

Rajni Tomar

Contact no.: 8800100408

Job Type: Full-time

Salary: From ₹50,000.00 per month


  • Day shift


  • work: 5 years (Preferred)
  • total work: 5 years (Preferred)


  • Bachelor's (Preferred)

Work Remotely:

  • No