Competent with best industry standards, regulations and framework requirements: ISO 27001, NIST, Cyber Security Framework, Cloud Security Alliance, Privacy, Vendor Risk Management
Develop and design policies, procedures, templates and guidelines based on industry standards / regulations / frameworks.
Understand the scope and schedule the internal audit plan calendar
Conduct internal audit based on calendar plan and assess effectiveness and efficiency of controls implemented.
Carry out internal audit for IT infrastructure / support function based on unified compliance: ISO 27001, NIST, CSA
Conduct reviews of cloud architecture / infrastructure / applications and highlight risks and mitigation controls
Review network configuration (firewall, IDS, IPS) and highlight risks and gaps
Publish report to stakeholders / management and follow up till closure.
Excellent communication, documentation and presentation skills with management.
Devise a mechanism for improving security posture based on RCA/trend analysis of (internal and external) audit reports. Track and measure the improvements through to closure for critical risks.
Prior experience of at least 5 years in InfoSec Audit program management is a must.
Vendor risk management, third party vendor risk assessment
Should have managed highly technically skilled teams
Should also be an independent contributor at times
Exposure to and implementation experience with ISO 27001, NIST, CSA in a large enterprise/service provider environment
Good understanding of Application and IT infrastructure
Previous experience in Information Security Management systems will be a plus
Demonstrated ability to influence cross functional teams, clients, team members, and management and external groups.
Excellent communication skills and a self-starter. The job involves taking on challenges, timely deliveries and good coordination with stakeholders
ISO 27001 LA, ISO 27001 LI, CISA, CISM, CSA
Subject matter expertise in ISO 27001
For more info, go to: http://bit.ly/2U4ux1j