23 Nov 2022
Job Title : ISO 27001 / SOC 2 Process Controller (Full Time)
Experience Level : 1 - 3 years of experience in security or risk management, performing security assessments in a client-facing/consulting role
Job Location : Mohali (Remote)
Educational Qualifications :
Bachelor's degree in a technical discipline or equivalent work experience in IT and/or Security.
Any degree in Total Quality Management or Process Management.
Any process audit certification, such as ISO / SOC 2, is preferred.
Any degree in Quality Control management or similar.
Technical Background/ Tools :
Auditing for ISO 27001 / SOC 2 Type 2; Vanta, Drata
Minimum Required Skills :
Information Security framework implementation (ISFMI)
Risk Management framework, Drafting Risk Registers
Incident management, Incident tracker
Experience in conducting internal and external audits
Experience in Service Organization trust service criteria (SOC 1 & 2) is preferred.
Excellent writing skills needed to deliver reports detailing findings and associated recommendations for information security programs to help meet the client security and compliance standards.
High professionalism, problem-solving, customer-facing and handling skills, time management, good English communication (written and verbal), presentation skills, active listening, flexibility.
Ability to think holistically and identify areas of technical and non-technical risk.
Knowledge of writing technical reports and presenting to non-technical audiences.
Comfortable working in ambiguous and/or undefined situations.
Must be available for on-project travel.
Job Role & Responsibilities
Manage, maintain, and improve the compliance management of internal controls to meet internal and external SOC 2 and ISO 27001 security compliance requirements.
Evaluate the design and test the operating effectiveness of key controls identified, and provide control enhancement recommendations as appropriate.
Assist with tracking audit exceptions for all audits performed.
Contribute to other risk management activities, which may include exception monitoring and tracking, vendor viability assessments, and other special projects as needed.
Determines compliance by establishing compliance test standards, conducting and witnessing tests, performing diagnostic procedures, measuring performance, analyzing and evaluating findings, and performing forensic analysis and troubleshooting of failures.
Attains compliance by isolating and resolving compliance issues, recommending product and process changes, and initiating engineering change orders.
Documents compliance by completing approval applications, recording test results, preparing investigative reports, preparing and filing Declarations of Conformity, and maintaining the compliance database.
Maintains engineering team accomplishments by reviewing open issues and action items, coordinating actions, and contributing information and analysis to team meetings and reports.
Prepares compliance reports by collecting, analyzing, and summarizing measurement data and trends.
Experience with a platform such as Vanta or Drata is preferred.
Working knowledge of Google Cloud, AWS is preferred.
Associate
Full Time
[REMOTE]