Lucideus - ISO Lead Auditor - Compliance Management

Designation: Compliance Manager

Department: Enterprise Customer Service

Report to: Director, Technology

Location: Delhi (candidate should be open for relocation)

Experience Required: 2-3 years

Job Purpose: Perform Information Security Audit based on ISO 27001, PCI DSS, SOX etc. Standards & Applicable Legal Compliances

Tags#: #isms #iso27001 #leadauditor #leadimplementer #risk #governance #compliance

Job Role:

- Planning and managing the execution and delivery of risk-based IT assessment / compliance reviews, which may include IT general control reviews, IT application control reviews, IT infrastructure reviews, IT operational process reviews, IT governance & strategy design assessments, and SOC-1 and SOC-2 compliance related activities.

- Provides technical assistance and support for incoming information security queries and issues related to computer systems, software, and hardware.

- Reviews violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.

- Conduct risk assessments and security audits, and manage remediation plans.

- Audits systems to ensure data is accurate and up to date.

- Investigates alerts and follow established procedures to remediate conditions that do not follow approved policies and guidelines.

Skills Required:

- Articulate communicator, demonstrating mastery of both spoken and written English.

- Proven history of being a self-starter: proactively identifying problems, determining pragmatic solutions, identifying and obtaining needed resources, and executing with little or no supervision;

- Ability to manage multiple projects and work-streams concurrently and successfully;

- Excellent skills using Excel/Word/PowerPoint and flowcharting tools are required; and

- Ability to handle complex projects in a multi-tasking environment, meeting deadlines and interacting with individuals at all levels within the organization.

Preferred Qualification:

- Experience with security policy development, security awareness education, risk analysis, network penetration testing, application vulnerability assessments.

- Knowledge of information security standards (e.g., ISO 27001,, etc.), rules and regulations related to information security and data confidentiality (e.g. NIST, FAIR, HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis.

- Proficiency with Linux and Microsoft Windows Server security.

Age bracket: 24-28

Working Conditions: Monday to Friday working

Other / Special Requirements: ISO 27001 lead auditor/lead implementer CISA/CISM/CISSP/PCIDSS