Internal Auditor – ISO 27001

Location: Bengaluru (On-site/Hybrid based on project need)
Experience Range: 4 to 6 Years
Job Type: Full-Time

Role Proficiency

Analyze stakeholder needs and ensure compliance with ISO 27001 and internal security policies. Support business analysis tasks with a focus on information security, audit planning, and risk assessment. Act as an internal control specialist, contributing to audits, risk assessments, and business continuity plans.

Key Responsibilities Audit & Compliance

Conduct internal and vendor audits to verify compliance with ISO 27001 standards.

Collaborate with ISMS champions to enforce security policies and procedures.

Prepare for and participate in external audits for ISO certifications.

Review and maintain up-to-date documentation related to ISO 27001 and other standards.

Ensure documentation readiness for audits and compliance checks.

Risk Management

Conduct risk assessments for business processes, third-party applications, and systems.

Facilitate Business Impact Analysis (BIA) and Risk Assessments.

Support the development and execution of the Business Continuity Plan (BCP).

Identify and document security risks, controls, and mitigation plans.

Stakeholder Engagement

Interface with business stakeholders, explain technical vulnerabilities in simple terms.

Coordinate with teams across functions to enforce ISMS and compliance activities.

Document and present risk management activities to senior management.

Manage internal communications through email, reports, and presentations.

Process & Documentation

Maintain and review policies, SOPs, process flows, and compliance reports.

Develop and update presentations to report risk management activities to leadership.

Contribute to improvement of audit and compliance processes.

Ensure effective use of BA tools, templates, and communication artifacts.

Must Have Skills

Risk Management and Risk Assessment

ISO 27001 Auditing and Compliance

Internal and Vendor Audits

Business Continuity Planning (BCP)

Business Impact Analysis (BIA)

Stakeholder Management and Communication

Cybersecurity / Information Security Standards (ISO 27001, NIST CSF)

Excellent documentation, presentation, and reporting skills

Good to Have Skills

Familiarity with vulnerability management and technical risk analysis.

Understanding of third-party risk and vendor assessments.

Use of tools for audit tracking and documentation (e.g., GRC tools).

Knowledge of data privacy regulations (e.g., GDPR, HIPAA).

Exposure to cloud security and application security fundamentals.

Educational Qualifications

B.E. / B.Tech. / MCA / MBA with specialization in Information Security

Certifications (Mandatory)

ISO 27001 Lead Auditor Certification

About the Role

You will be part of the Risk & Compliance team responsible for conducting audits, managing information security risks, and ensuring adherence to ISO 27001 standards. You will collaborate with multiple stakeholders, manage documentation, and support audit readiness throughout the year.

Soft Skills

Strong analytical and problem-solving skills

Excellent time and task management

Ability to convey complex technical concepts to non-technical audiences

High attention to detail and proactive communication