
ITC Infotech India Limited

Security Auditor

5-10 Years
  • Posted 7 hours ago

Job Description

About the job

Responsible for reviewing, maintaining, and updating security policies, procedures, and standards/baselines. 

Support all accreditation programs such as ISO27001, ISAE 3402 Type II, SOC2 Type 2, PCI-DSS and others as may be needed.

Work with different stakeholders including external auditors, business leaders, DPO, Legal, HR, and CIO teams to understand all critical security requirements.

Drive security compliance monitoring. 

Risk assessment for information security and cyber risks 

Adoption of global frameworks such as NIST Cyber Security, CIS, etc.

Work with the internal Marketing team and external vendors to develop the security awareness program.

Support Business Continuity program including BC Plans, Crisis Management etc. 

Perform internal security audits. Manage certifications such as ISO 27001, SOC etc. 

Perform security audits on application and IT infrastructure including but not limited to network, operating systems (Windows and Linux), databases, access control, Firewalls, IDS/IPS, Web Application Firewalls, Proxies, Cloud infrastructure (Azure and Amazon), Web servers, data center, Email infrastructure, VPN infrastructure, routers, backups, Disaster Recovery, Endpoint Security.

Perform security audits to ensure that controls related to these processes are adequate to mitigate risks.

Perimeter/Internal Security Technologies (Firewalls, IDS/IPS, Proxy, WAF etc.)

Data Loss Prevention technologies and support processes

Network Segmentation and Separation Solutions

Identity and Access Management, Privileged Access and Authentication Solutions

Platform and Configuration Hardening

IT incident and problem management

Threat Intelligence and Insider Threat Detection

Vulnerability assessment and penetration testing, and mitigation of their findings

Security Incident and Event Management (SIEM) Technologies

Cyber Incident and response

Change Management

Role Based Access Controls

Business continuity and Disaster Recovery 

Vendor security assessments 

Minimum Qualification & Background:

5-10 years of relevant experience 

Graduate with one or more professional certifications: ISO27001 LA, CISA, CRISC, CISSP and CISM

Must have experienced a complete ISO27001 journey for a few years at a minimum.

Knowledge and understanding of ISO27001, ISO27002, ISO27017, ISO27018, PCI DSS, NIST cyber security standards and CIS benchmarks.

Must have performed audits of the cloud infrastructure. 

Knowledge and understanding of security related technologies and cloud security. 

Excellent written and verbal communication skills; Documentation and presentation skills

More Info

Open to candidates from: Indian

Job ID: 106860559