International Sos

Assistant Manager, Internal Audit and Compliance

Job Description

Essential Job Duties and Responsibilities:

Job Title- Assistant Manager, Internal Audit and Compliance

Work location- Candor Tech Space- sector 48, Tikri, Sohna Road, Gurgaon

Work Arrangement - Hybrid.

Kindly note- We are looking for someone who has end-to-end skills and experience in implementation, managing internal compliance, and conducting internal audits focusing on ISO 27001. Preferably, we are looking for someone who actually manages the ISO 27001 framework as internal staff within an organisation and not as a consultant (external party), where the role is focused on providing consultation services for customers and not on doing the actual groundwork.

A: Overall Purpose of the Job (Brief description of the primary purpose of this position)

Executes the internal compliance program as per the overall strategic information security plan of Aspire Lifestyles in accordance with customer requirements, certification requirements, and cyber security requirements. A key element of this role is to work with internal stakeholders in business lines and support functions.

B: Key Responsibilities (Critical responsibilities and skills of this position, listed in order of importance)

    • Serve as 2nd line of defense (2LOD), performing continuous assessment of IT security practices and policies to improve the security posture of the company.
    • Conduct regular risk assessments to identify potential vulnerabilities in systems and processes and develop/implement strategies to mitigate identified risks.
    • Produce regular reporting on compliance evidence status.
    • Identify compliance gaps and plan the implementation of remediation actions and controls.
    • Verify all compliance gaps and that the implemented remediation actions/controls are effective.
    • Work closely with application and infrastructure architects and ensure the applications and infrastructure are designed and transitioned to operations based on various business and technology needs.
    • Work closely with the information technology team to ensure that infrastructure is designed and built with required security controls. Advise on infrastructure security best practices such as server hardening, patch management, and a secure operating environment.
    • Educate employees by planning periodic webinars, emailers and group talks on audits and certifications to promote the culture of information security and compliance.
    • Plan, present and follow up on compliance programs in all security forums such as the security steering committee, data protection committee, and information security management committee.
    • Collect and maintain applicable IT Security Regulations for all relevant geographies.
    • Provide expert opinions on information security policies to ensure that these are updated based upon new security trends, customer needs, incident trends and legal or regulatory requirements.
    • Demonstrate expertise in managing third party security assessments across the organization.
    • Support the Manager of Audits, Certifications and Attestations in executing the internal compliance program.

C: Required Competencies & Work Experience (Critical behaviors necessary to successfully perform the job)

    • Degree in business administration or a technology-related field required.
    • Professional security certifications such as CISA, CISSP, ISO/IEC 27001 Lead Auditor.
    • Experience with either PCI DSS, ISO 27001 or SOC2 certification required (mandatory).
    • Minimum of 3 to 7 years of experience in a combination of information security compliance and audits.
    • Minimum 2 to 3 years of experience in managing end-to-end internal or external audits (e.g. scoping, scheduling, audit preparation guidance discussions, coordination of evidence, report review, follow-up actions on audit findings).
    • Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
    • Excellent written and verbal communication skills and a high level of personal integrity.

Required Languages (Brief description of the language skills needed to perform the job)

    • English (high proficiency in spoken & written)

Looking for early joiners.

Job ID: 149884255
