Hansa Cequity - Assistant Manager - Internal Audit

The incumbent will play the role of an internal auditor for both ISO 27001:2013 and ISO 9001:2015 standards as well as support with all the needs to remain certified with both these standards. All related standards like GDPR, Indian Data Privacy Act, IT act, IRDA cyber security act etc are also included as deemed necessary.

Primary Responsibilities of IA team member

1. Conduct Risk Assessments and suggest Mitigation plans/ Controls; follow-up to closure

2. Conduct/ assist in VAPT and assist in closure of Vulnerabilities

3. Assist/ track ISO control implementations & its effectiveness

4. Prepare/ update of Policies and Processes; responsible to get all docs reviewed as per its (review) frequency

5. Prepare IS and IA Training Plans

6. Conduct Mock Audits and follow-up until closure of audit points.

7. Assist in ISO 27001 and ISO 9001 external Audits and closure of audit points.

8. Assist in audit planning, including the identification of processes for audit review.

9. Execute internal audit assignments for all locations in India.

10. Prepare the audit report for internal audit assignments and discuss audit findings with senior management.

11. Monitor and maintain the CAPA (Corrective Action Preventive Action) program. Assist with follow up corrective actions and oversee timely completion.

Qualifications:

1. BSC IT or equivalent.

2. Basic PM skills

3. Basic awareness of cyber security principles and inclination towards gaining more information in that direction on a continuous basis.

4. Should have conducted at least three ISMS & QMS internal audits and assisted in closure of findings.

5. Broad-based IT experience with technical knowledge of Networks, Hardware, Storage, Operating systems, and Applications, Business Impact Analysis, RTO/ RPO, MAO, Communication Plan, IT DR Drills, Contingency Plans etc.

6. Good understanding of emerging trends in information security and apply new techniques and trends, in-line with overall information security objectives and risk tolerance.

7. Good Oral & writing skills for Policy & Procedures, BCP documentation.

8. IS & QMS Awareness, Training and Assessment: Preparing Training plans and conducting relevant Trainings for stakeholders.

9. Good to have: Experience in working on Cyber Security Projects of Government/ Industry.

10. Good to have: Holds professional certification viz., CISA, CISSP/ CISM, CRISC etc., ISO 27001/ 9001 Implementer/ Lead Auditor etc.