Job description:



• 3-10 years of experience required
• Management and Execution of Internal and Third-Party Information Security Audits on-site or remote reviews for new and existing suppliers ensuring compliance with the organization’s Information Security Standards.
• Determine the appropriate levels of controls to safeguard sensitive data and validate those controls are being implemented at third-party supplier sites.
• Provide a full write-up of the Assessment that includes the results and identifies any IS Gaps/risks the business will have to report and address with the third-party supplier.
• Work with BISOs and Business Managers to follow up on all issues identified via on-site reviews utilizing appropriate tracking systems.
• Work with BISOs and Business Managers s to remediate supplier-identified issues including Encryption, Data Authorization, and Data Transitions
• Maintain records regarding all reviews and remediation of identified issues within the approved corporate tools/systems
• Provide guidance to the business customers preparing for external audits that cover Third Party Assessments, resolving audit inquiries about specific write-up's/documentation.
• Serve as the focal point for addressing questions and issues related to Internal and Third-Party Information Security audits execution and status.
• Interact with all lines of business to understand trends and events that will impact the Internal and Third-Party Vendor Services.

Qualifications:

• Domain expertise in Cyber Security Consulting, ISO 27001.
• Management of the Information Security System of the Organization (ISMS) in line with ISO27001.
• Consultancy in IT Security solutions for internal as well as Client s offshore delivery IT infrastructure.
• Should be IT security certifications such as CISSP/ CISM/ CISA/ CPISI Certified (Optional)
• Implementing & managing ISO 27001-related activities (Risk Assessment, Controls Testing, etc.) across all domains of Information security