Job Title: Information Security Consultant (ISO 27001 / GRC)
Description
We are looking for a skilled and detail-oriented Information Security Consultant with strong experience in ISO 27001:2022 implementation, IT audits, and GRC activities, especially within the BFSI (Banking, Financial Services, and Insurance) sector.
The ideal candidate should have hands-on experience in conducting audits, managing compliance requirements, and implementing Information Security Management Systems (ISMS) for clients.
Key Experience & Skills
- The candidate should have proven experience in end-to-end ISO 27001:2022 implementation, including gap assessments, risk assessments, risk treatment planning, and ISMS documentation.
- Hands-on experience in conducting internal and external information security audits onsite at client locations is essential.
- A strong background in BFSI sector audits is highly preferred, along with the ability to understand and implement regulatory and compliance requirements.
- The candidate must be experienced in developing, reviewing, and maintaining information security policies, procedures, and SOPs in line with industry standards.
- In-depth knowledge of cybersecurity frameworks and regulatory guidelines such as NIST Cybersecurity Framework (CSF), ISO 27001:2022, RBI CSF, IRDAI Cyber Security Guidelines, SEBI CSCRF, UIDAI Guidelines, SOC 1 & SOC 2 (Type 1 & Type 2), and Digital Personal Data Protection (DPDP) Rules is required.
Certifications
- ISO 27001 Lead Auditor (IRCA CQI Certified): Mandatory for 23 years of experience
- ISO 27001 along with CISA (ISACA): Preferred for candidates with 5+ years of experience
Key Responsibilities
- The selected candidate will be responsible for leading and managing end-to-end ISO 27001:2022 implementation projects, including defining scope, conducting risk assessments, and preparing ISMS documentation.
- You will perform risk identification, assessment, and treatment activities aligned with ISO standards and organizational context.
- The role involves planning and conducting internal audits, external audits, and compliance reviews across various domains, particularly in BFSI.
- You will also conduct onsite audits based on RBI, IRDAI, SEBI, and UIDAI guidelines, ensuring compliance with regulatory requirements.
- Preparing detailed audit checklists, audit reports, and corrective action plans will be a key part of the role.
- Additionally, you will be responsible for designing, reviewing, and updating security policies, procedures, and documentation, ensuring continuous improvement of the ISMS framework.
- Delivering security awareness sessions and training to clients is also expected.
Soft Skills
- Strong communication and stakeholder management skills
- Excellent documentation and reporting abilities
- Ability to manage multiple assignments independently while meeting deadlines
(ref:hirist.tech)