ITC Infotech - Security Auditor - CISSP/CISM Certified

Job Description : - Responsible for reviewing, maintaining, and updating security policies, procedures, and standards/baselines. - Support all accreditation programs such as ISO27001, ISAE 3402 Type II, SOC2 Type 2, PCI-DSS and others as may be needed. - Work with different stakeholders including external auditors, business leaders, DPO, Legal, HR, and CIO teams to understand all critical security requirements. - Drive security compliance monitoring. - Risk assessment for information security and cyber risks. - Adoption of global frameworks such as NIST Cyber Security and CIS etc. - Work with internal Marketing team and external vendors for developing security awareness program. - Support Business Continuity program including BC Plans, Crisis Management etc. - Perform internal security audits. - Manage certifications such as ISO 27001, SOC etc. - Perform security audits on application and IT infrastructure including but not limited to network, operating systems (Windows and Linux), databases, access control, Firewalls, IDS/IPS, Web Application Firewalls, Proxies, Cloud infrastructure (Azure and Amazon), Web servers, data center, Email infrastructure, VPN infrastructure, routers, backups, Disaster Recovery, Endpoint Security. - Perform security audits to ensure that controls related to these processes are adequate to mitigate risks. - Perimeter/Internal Security Technologies (Firewalls, IDS/IPS, Proxy, WAF etc. - Data Loss Prevention technologies and support processes. - Network Segmentation and Separation Solutions. - Identity and Access Management, Privileged Access and Authentication Solutions. - Platform and Configuration Hardening. - IT incident and problem management. - Threat Intelligence and Insider Threat Detection. - Vulnerability assessment, Penetration Testing, and its mitigation. - Security Incident and Event Management (SIEM) Technologies. - Cyber Incident and response. - Change Management. - Role Based Access Controls. - Business continuity and Disaster Recovery. - Vendor security assessments. Minimum Qualification & Background : - 5-10 years of relevant experience. - Graduate with one or more professional certifications : ISO27001 LA, CISA, CRISC, CISSP and CISM. - Must have experienced a complete ISO27001 journey for a few years at a minimum. - Knowledge and understanding of ISO27001, ISO27002, ISO27017, ISO27018, PCI DSS, NIST cyber security standards and CIS benchmarks. - Must have performed audits of the cloud infrastructure. - Knowledge and understanding of security related technologies and cloud security. - Excellent written and verbal communication skills; Documentation and presentation skills. (ref:hirist.tech)

Location: bangalore, IN

Posted Date: 3/31/2025