Job Title : - ISO 27001 / SOC 2 Process Controller (Full Time)

Experience Level : 1 - 3 years of experience in security or risk management, performing security assessments in a client-facing/ consulting role

Job Location : Mohali (Remote)

Educational Qualifications : 

•  Bachelors Degree in a technical discipline or equivalent work experience in IT and/or Security.

• Any degree in Total Quality Management, or Process Management 

• Any certification of Process Audit like ISO / SOC 2 is preferred.

• Any degree in Quality Control management or similar.

Technical Background/ Tools :

           In audit of ISO 27001 / SOC 2 Type 2, Vanta, Drata

Minimum Required Skills :

• Information Security framework implementation (ISFMI) 

• Risk Management framework, Drafting Risk Registers

• Incident management, Incident tracker

• Experience in conducting internal and external audits

• Experience in Service Organization trust service criteria (SOC 1 & 2) is preferred.

• Excellent writing skills needed to deliver reports detailing findings and associated recommendations for information security programs to help meet the client security and compliance standards.

• Bachelors Degree in a technical discipline or equivalent work experience in IT and/or Security.

• 1 - 3 years of experience in security or risk management, performing security assessments in a client-facing/ consulting role.

• Highly Professionalism, problem-solving, customer-facing and handling skills, time management, good english communication (written and verbal), presentation skills, active listening, flexibility.

• Ability to think holistically and identify areas of technical and non-technical risk.

• Knowledge of writing technical reports and presenting to non-technical audiences.

• Comfortable working in ambiguous and/or undefined situations.

• Must be available for on-project travel.

Job Role & Responsibilities

• Manage, maintain, and improve the compliance management of internal controls to meet internal and external compliance SOC2 and ISO 27001 security requirements.

• Evaluate the design and test the operating effectiveness of key controls identified and provide control enhancement recommendations as appropriate

• Assist with tracking audit exceptions for all audits performed.

• Contribute to other risk management activities, which may include exception monitoring and tracking, vendor viability assessments, and other special projects as needed

• Determines compliance by establishing compliance test standards, conducting and witnessing tests, performing diagnostic procedures, measuring performance, analyzing and evaluating findings, and performing forensic analysis and troubleshooting of failures.

• Attains compliance by isolating and resolving compliance issues, recommending product and process changes, and initiating engineering change orders.

• Documents compliance by completing approval applications, recording test results, preparing investigative reports, preparing, and filing Declarations of Conformity, and maintaining compliance database.

• Maintains engineering team accomplishments by reviewing open issues and action items, coordinating actions, and contributing information and analysis to team meetings and reports.

• Prepares compliance reports by collecting, analyzing, and summarizing measurement data and trends.

• Experience with Vanta or Drata type of platform is preferred. 

• Working of Google Cloud , AWS is preferred