
Justdial - Internal Auditor - Information Security Compliance

Posted on: 03/08/2025

Job Description

Company name : Justdial Ltd

Location : Bangalore

Level : Internal Auditor, Lead auditor

Experience : 1-4 years

Must have ISO 27001:2013 or ISO 27001:2022 certificate :

Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They include IS audits, ITGC reviews, internal audit engagements, IT infrastructure reviews and/or risk advisory, including but not limited to IT audit support.

Responsibility :

- Coordinate and manage the statutory external audit for SOX (ITGC). Responsible for facilitating the provision of data to external auditors

- Provide management reports by collecting, analysing, and summarizing audit information

- Conduct the ISMS security awareness training program within the organization

- Support the Information Security Manager in managing risk assessment and mitigation and in implementing ISO 27001 controls across the organization

- Conduct risk assessments against the ISO 27001/IT General Controls framework and conduct gap analysis for ISO 27001/ITGC

- Conduct internal audits for various business functions within the organization at a defined frequency. Communicate audit progress and findings to the respective business heads

- Conduct data center audits as per the ISO 27001 standard

- Develop and review all information security policies/procedures as per business requirements and any changes in emerging IT law or legal requirements

- Handle end-to-end ITGC statutory audit requirements (program change control, access control for OS & DB, backup process, interviews with key personnel to understand processes, risk assessment)

- Assist and advise the organization with the implementation of ISO 27001:2013 and the management of the ISMS

- Assist the organization in implementing business continuity for critical functions

- Implement and advise the organization on PCI DSS SAQ A-EP certification

The candidate :

- A bachelor's degree in engineering or B.Sc. IT

- Experience in performing IT audits of banking/financial sector applications

- Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ISO 27001)

- Technical knowledge of IT audit tools

- Experience in carrying out OS/DB/Network reviews

- Exposure to Risk Management and Governance Frameworks/Systems will be an added advantage

- Strong project management, communication (written and verbal) and presentation skills

- A team player

- Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism

- Preferred certifications: CISA / CISSP / ISO 27001 Lead Auditor/Implementer / CISM

- Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools
