Information Security Auditor & Standards Lead

India · Job Posted February 01, 2026

Job Description

We are seeking a highly experienced Information Security Auditor & Standards Lead with deep, hands-on knowledge of global information security standards and best practices. The individual will independently lead security governance, audit, and compliance activities across frameworks such as ISO 27001 and SOC 2, and continuously enhance the organization’s security and compliance maturity.

Job Responsibility

  • Act as Subject Matter Expert (SME) for ISO 27001, SOC 1 / SOC 2, NIST, and CIS frameworks
  • Interpret security standards and translate requirements into auditable controls
  • Ensure controls are designed, implemented, and maintained effectively
  • Provide guidance on mandatory requirements versus best practices
  • Plan and manage ISO 27001 and SOC audits end-to-end
  • Conduct internal audits and ongoing compliance assessments
  • Serve as primary point of contact for auditors and certification bodies
  • Track audit findings, non-conformities, and corrective actions to closure
  • Own and maintain the Information Security Management System (ISMS)
  • Maintain risk assessments, risk treatment plans, and Statement of Applicability (SoA)
  • Develop, review, and enforce security policies, standards, and procedures
  • Provide standards-driven guidance for new systems, applications, and infrastructure
  • Review new implementations for compliance alignment
  • Advise on control selection, design, and evidence requirements
  • Ensure new implementations are audit-ready by design
  • Provide compliance guidance to Security, Network, IT, Cloud, and HR teams
  • Identify gaps and drive continuous improvement initiatives
  • Support management reviews and executive-level reporting

Requirements

  • 5–8 years of experience in Information Security Auditing / GRC
  • Strong hands-on experience with ISO 27001 and SOC 1 / SOC 2 audits
  • Strong understanding of security principles and control frameworks
  • Excellent communication and documentation skills

Similar Jobs for Information Security Auditor & Standards Lead

Information Security Auditor & Standards Lead

We are seeking a highly experienced Information Security Auditor & Standards Lea...
Location: India
Salary: Not provided
Bridge Soft Solutions
Expiration Date: Until further notice
Requirements
  • 5–8 years of experience in Information Security Auditing / GRC
  • Strong hands-on experience with ISO 27001 and SOC 1 / SOC 2 audits
  • Strong understanding of security principles and control frameworks
  • Excellent communication and documentation skills
Job Responsibility
  • Act as Subject Matter Expert (SME) for ISO 27001, SOC 1 / SOC 2, NIST, and CIS frameworks
  • Interpret security standards and translate requirements into auditable controls
  • Ensure controls are designed, implemented, and maintained effectively
  • Provide guidance on mandatory requirements versus best practices
  • Plan and manage ISO 27001 and SOC audits end-to-end
  • Conduct internal audits and ongoing compliance assessments
  • Serve as primary point of contact for auditors and certification bodies
  • Track audit findings, non-conformities, and corrective actions to closure
  • Own and maintain the Information Security Management System (ISMS)
  • Maintain risk assessments, risk treatment plans, and Statement of Applicability (SoA)
Fulltime

Senior Information Security Auditor

The Senior Information Security Auditor is responsible for leading internal audi...
Location: Spain, Barcelona
Salary: Not provided
NTT DATA
Expiration Date: Until further notice
Requirements
  • Strong background in ISO standards and GDPR
  • At least 5 years of experience in information security or IT audit roles
  • Excellent communication skills
  • Excellent analytical skills
Job Responsibility
  • Leading internal audits
  • Ensuring compliance with security standards
  • Mentoring junior auditors

Lead Information Systems Security Officer (ISSO)

We are seeking an experienced and driven Lead Information Systems Security Offic...
Location: United States, Colorado Springs
Salary: 97016.00 - 168692.00 USD / Year
Arcfield
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree (8-10 years' exp). Master's degree (6-8 years' exp) or a PhD (3-5 years' exp) in Computer Science, Information Security, Cybersecurity, or a related discipline (or equivalent work experience)
  • 7+ years of experience in cybersecurity or system security-related roles
  • 3+ years of experience in leadership, mentoring, or team management roles in a security-focused environment
  • Proven hands-on experience with security operations, policies, and frameworks
  • Must possess and maintain an ACTIVE TS/SCI CLEARANCE
  • Strong knowledge of cybersecurity frameworks and standards, such as NIST Risk Management Framework (RMF), FISMA, ISO 27001/27002, and GDPR
  • Thorough understanding of operating systems security (Windows, Linux, and Unix), network protocols, and security tools such as firewalls, VPNs, IDS/IPS, and endpoint protection
  • Experience using vulnerability scanning tools such as Nessus, Qualys, or Rapid7, and security information and event management (SIEM) tools like Splunk or LogRhythm
  • Scripting and automation experience with languages like Python, PowerShell, or Bash is preferred
  • Familiarity with cloud security best practices for platforms such as AWS, Microsoft Azure, or Google Cloud Platform
Job Responsibility
  • Manage and oversee a team of ISSOs, analysts, and engineers
  • Provide mentorship, training, and guidance for developing team members' skills and expertise
  • Assign and prioritize security-related tasks and initiatives
  • Drive the implementation of best practices for system security
  • Serve as the primary SME on security policies, frameworks, and applicable standards
  • Develop, implement, and maintain System Security Plans (SSPs)
  • Lead periodic risk assessments and vulnerability assessments
  • Manage the certification and accreditation (C&A) process
  • Conduct security audits and reviews
  • Monitor and assess security-related control systems
What we offer
  • Health Insurance
  • Life Insurance
  • Paid Time Off
  • Holiday Pay
  • Short Term and Long-Term Disability
  • Retirement and Savings
  • Learning and Development opportunities
  • wellness programs
Fulltime

Business Information Security Officer

Brown & Brown is seeking a Business Information Security Officer (BISO) to join ...
Location: United States, Daytona Beach
Salary: 180000.00 - 200000.00 USD / Year
Brown & Brown UK
Expiration Date: Until further notice
Requirements
  • CISSP, CISM, or equivalent certifications (preferred)
  • BA/BS in business, security, or technology
  • 8–10+ years of experience in information security, cybersecurity, risk management, governance, physical security, or regulatory compliance, with a focus on business-aligned service delivery
  • Experience working with cross-functional teams
  • Working knowledge of ISO27001, NIST, Cyber Essentials and other security standards
  • Deep experience of security architecture and the tooling required to instantiate
  • Knowledge of Property & Casualty insurance is a plus
  • Experience running a SOC and working cyber incidents
  • Experience leading teams responsible for security across mid-to-large organizations (55+ people)
  • Strong understanding of organizational environments and their connection to external business drivers
Job Responsibility
  • Support the implementation, maintenance, and continuous improvement of information and physical security programs in alignment with corporate policies, standards, and frameworks
  • Contribute as a key member in shaping both the Brown & Brown security roadmap and divisional technology roadmap
  • Serve as a subject matter expert for information and physical security, supporting strategy development and execution
  • Provide guidance on prioritizing divisional investments that impact security
  • Allocate security resources (architecture, engineering, operations, risk management) to meet divisional needs
  • Support merger and acquisition activities, including pre-deal due diligence and post-deal 90-day security integration
  • Advise divisional leaders on security-related risk and assist in meeting broader risk management and compliance objectives
  • Monitor emerging security trends and assess potential impacts to divisions or profit centers
  • Ensure risk remediation processes are followed, issues are mitigated, and exceptions are tracked according to organizational standards
  • Manage IT certification and accreditation processes in collaboration with auditors and certification bodies
What we offer
  • Health Benefits: Medical/Rx, Dental, Vision, Life Insurance, Disability Insurance
  • Financial Benefits: ESPP
  • 401k
  • Student Loan Assistance
  • Tuition Reimbursement
  • Mental Health & Wellness: Free Mental Health & Enhanced Advocacy Services
  • Beyond Benefits: Paid Time Off, Holidays, Preferred Partner Discounts and more
Fulltime

Lead Auditor - Cybersecurity Assurance

General Motors Audit Services (GMAS) is seeking a Lead Auditor, Cybersecurity As...
Location: United States, Detroit
Salary: Not provided
General Motors
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or a related field (or equivalent related experience)
  • 5+ years of experience in IT audit, cybersecurity, risk management, or technology assurance, including leading engagements and guiding teams through planning, testing, and reporting
  • Strong understanding of cybersecurity and technology risk, including evaluating confidentiality, integrity, and availability (CIA) across complex, interconnected systems
  • Strong knowledge of internal controls and risk frameworks such as NIST CSF, NIST 800-53, COBIT, ISO 27001, or similar frameworks
  • Understanding of technology infrastructure and operations (e.g., endpoint/server hardening, monitoring, backup/recovery, and change/release practices)
  • Experience assessing controls across core cybersecurity domains such as Identity & Access Management (IAM), privileged access, logging and monitoring, incident response, backup and recovery, vulnerability management, and security configuration controls
  • Strong written and verbal communication skills
  • Demonstrated ability to work independently, exercise sound judgment, manage multiple priorities, and deliver results in a fast-paced environment
  • Domestic travel: 5%–10%. International travel: possible
Job Responsibility
  • Lead end-to-end cybersecurity assurance engagements, including scoping, planning, fieldwork, issue development, and reporting
  • Evaluate the effectiveness of cybersecurity controls across key risk areas such as identity and access management, logging and monitoring, vulnerability management, incident response, backup and recovery, and security configuration
  • Apply a risk-based perspective to identify control gaps, emerging threats, and opportunities to improve cybersecurity resilience
  • Review testing workpapers and evidence to ensure conclusions are clear, supportable, and aligned to audit standards and methodology
  • Develop concise, executive-ready reports that clearly articulate risk, root cause, and practical corrective actions
  • Present results and themes to business and technology leaders, including senior management, and align remediation priorities
  • Coach and support team members throughout the audit lifecycle, including testing strategy, issue validation, and stakeholder communication
  • Build strong working relationships with stakeholders across cybersecurity, IT, privacy, compliance, and other relevant functions
  • Contribute to continuous improvement of the cybersecurity assurance program, including risk assessment, planning, and reusable testing approaches
  • Monitor remediation activity and validate that agreed actions appropriately address identified risk
Fulltime

Business Continuity and Information Security Manager

Who we are: NTT DATA is a leading global provider of infrastructure and platform...
Location: Romania, Brasov
Salary: Not provided
NTT DATA
Expiration Date: Until further notice
Requirements
  • Master’s degree ideally complemented by certifications such as ISO 27001 (ISO 27XXX) and ISO 22301 (ISO 223XX)
  • Minimum 3-5 years of experience in security services, including a minimum of 3 years in information security management
  • Solid hands-on experience in business/service continuity management within security-focused environments (e.g., firewalls, proxies, reverse proxies, load balancers, remote access)
  • Good understanding of network environments such as SD-WAN (e.g., Juniper) is an advantage
  • Experience in risk management, audits, and compliance frameworks, with a strong grasp of regulatory requirements and security policy implementation
  • Experience with ISMS frameworks, including contributing to the development and deployment of security management systems
  • Clear and structured documentation, strong analytical and organisational skills, and the ability to manage complex environments
  • Ability to communicate effectively with both technical and non-technical stakeholders and demonstrate strong interpersonal skills
  • Excellent command of both spoken and written English, French would be considered a plus
Job Responsibility
  • Joining the team responsible for operating the European Commission’s Network Managed Services under the NMS III framework contract
  • Working in a large-scale, multi-site infrastructure environment across Brussels and Luxembourg
  • Managing responsibilities across business continuity, service continuity, and information security management
  • Acting as the main interface between the organisation and the customer for continuity and security-related matters
  • Leading crisis management escalations and supporting effective communication during major incidents
  • Developing, maintaining, and improving business continuity and disaster recovery strategies
  • Defining, testing, and improving continuity and disaster recovery scenarios
  • Ensuring agreed recovery objectives are met and gaps are addressed through continuous improvement
  • Managing continuity-related risks and maintaining clear process documentation
  • Planning and coordinating regular continuity and disaster recovery exercises
What we offer
  • Smooth integration and a supportive mentor
  • Remote, Hybrid or Office work opportunities
  • Different working hours to suit your needs
  • Sponsored certifications, trainings and top e-learning platforms
  • Private Health Insurance – custom-made for you
  • Individual coaching sessions or accredited Coaching School
  • Epic parties or themed events for employees and their families
Fulltime

Lead Auditor ISO 27001

We are seeking an experienced and autonomous Lead Auditor ISO 27001 to support i...
Location: Slovenia, Ljubljana
Salary: Not provided
Bureau Veritas Certification CZ, s.r.o.
Expiration Date: Until further notice
Requirements
  • Lead Auditor ISO 27001 certification (IRCA, PECB, Exemplar Global, or equivalent recognized body)
  • Minimum 3 years of experience in ISO 27001 audits or ISMS
  • Experience conducting audits in Slovenian organizations (or familiarity with Slovenian/EU regulatory context)
  • Strong knowledge of ISMS, risk management, compliance, and information security governance
  • Deep knowledge of ISO/IEC 27001:2022 (and previous versions)
  • Familiarity with NIST Cybersecurity Framework, ISO 27002, ISO 27035 (incident management)
  • Experience with audit methodologies (sampling, evidence gathering, risk-based approach)
  • Ability to assess technical and organizational ISMS controls
  • Basic knowledge of IT environments, cloud infrastructures, data protection (GDPR)
  • Autonomy and reliability
Job Responsibility
  • Conduct ISO 27001 audits: Plan, execute, and report on information security compliance audits at client organizations
  • ISMS assessment: Verify implementation and effectiveness of Information Security Management Systems
  • Non-conformities and recommendations: Identify gaps, prepare detailed reports, and suggest improvement measures
  • Stakeholder communication: Pre-audit briefings, exit meetings, and results discussion with management and IT/Security teams
  • Documentation: Completion of checklists, evidence gathering, photography, and audit documentation per international standards
  • Operational flexibility: Availability for scheduled interventions and, if necessary, short-notice assignments according to planning requirements