Job Title


IT Auditor


Company : AQM Technologies


Location : Mumbai, Maharashtra


Created : 2026-03-07


Job Type : Full Time


Job Description

Job Title: IT Auditor – ISO/IEC 27001:2022 (ISMS Specialist)
Location: Mumbai
Experience: 1–7 Years
Employment Type: Full-Time

Job Summary

We are looking for a qualified IT Auditor with hands-on experience in Information Security Management Systems (ISMS) and certification in ISO/IEC 27001:2022. The ideal candidate will be responsible for auditing, implementing, monitoring, and improving ISMS processes to ensure compliance with ISO 27001:2022 requirements and organizational security policies.

Key Responsibilities

ISMS Governance & Compliance
Lead and conduct ISMS internal audits aligned with ISO/IEC 27001:2022 clauses and Annex A controls.
Evaluate the design and effectiveness of ISMS controls and policies.
Ensure alignment of ISMS with business objectives and risk appetite.
Support certification, surveillance, and recertification audits.
Maintain and update ISMS documentation (policies, SOPs, risk registers, SoA).

Risk Management
Conduct enterprise-wide information security risk assessments.
Review risk treatment plans and monitor mitigation actions.
Maintain risk registers and ensure periodic risk reviews.
Evaluate third-party/vendor security risk assessments.

Audit & Control Testing
Perform ITGC audits (Access Management, Change Management, Backup, DR, Logging & Monitoring).
Test technical and administrative controls for effectiveness.
Identify control gaps and provide practical remediation recommendations.
Track and validate closure of audit findings.

Reporting & Stakeholder Management
Prepare comprehensive audit reports with risk-based insights.
Present audit findings to senior management and stakeholders.
Provide advisory support on ISO 27001 compliance and security improvements.

Required Qualifications

Bachelor’s degree in IT, Computer Science, Cybersecurity, or related field.
Certified ISO/IEC 27001:2022 Lead Auditor or Lead Implementer.
4+ years of experience in IT audit, ISMS implementation, or information security governance.
Strong understanding of:
ISO 27001:2022 clauses (4–10)
Annex A controls (2022 version – 93 controls)
Risk assessment methodologies (ISO 27005 preferred)
IT General Controls (ITGC)
Regulatory and data protection requirements (where applicable)