2+ ISO/IEC 27001:2005 Jobs in Pune | ISO/IEC 27001:2005 Job openings in Pune

What will you do?

Governance and Policy Development   

·         Develop, implement, and maintain governance policies, SOPs, and related documentation. 

·         Ensure all policies align with industry standards (e.g., FedRAMP, NIST SP 800-53, ISO 27001 family, and HIPAA). 

·         Monitor policy effectiveness and recommend updates based on organizational changes or regulatory updates. 

Risk Management   

·  Conduct risk assessments to identify vulnerabilities, threats, and compliance gaps. 

·  Collaborate with cross-functional teams to design and implement remediation strategies. 

·  Maintain risk registers and monitor mitigation efforts. 

Compliance Oversight   

·  Support the organization in achieving and maintaining FedRAMP certification. 

·  Manage periodic audits, security assessments, and readiness activities for compliance frameworks. 

·  Track and report on compliance metrics, audit findings, and resolution status. 

Training and Awareness   

·  Develop and deliver training programs to enhance employee understanding of compliance policies and procedures. 

·  Act as a point of contact for compliance-related queries within the organization. 

Incident Response and Reporting   

·  Support incident response processes to ensure effective investigation and reporting of compliance-related incidents. 

·  Collaborate with stakeholders to implement corrective actions and prevent recurrence. 

Vendor and Third-Party Risk Management   

·  Assess third-party vendors for compliance with organizational policies and standards. 

·  Ensure contracts include appropriate compliance requirements. 

What do you bring to the table?

Education & Experience   

·  Overall 12- 15 years of relevant experience

·  Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or related field (Master’s preferred). 

·  3+ years of experience in governance, risk, and compliance roles, with specific experience in FedRAMP compliance.  

Knowledge & Skills   

·  Strong understanding of FedRAMP, NIST SP 800-53, ISO 27001, and other relevant frameworks. 

·  Experience in drafting policies, procedures, and SOPs. 

·  Familiarity with GRC tools and platforms (e.g., Archer, ServiceNow GRC). 

·  Excellent communication and documentation skills. 

·  Analytical mindset with attention to detail. 

Certifications (Preferred)   

·  Certified Information Systems Security Professional (CISSP) 

·  Certified Information Systems Auditor (CISA) 

·  Certified Information Security Manager (CISM) 

·  ISO 27001 Lead or Internal auditor

Qualifications & Responsibilities

Year of Experience : 3- 8 yrs

Location : Bangalore, Delhi, Mumbai, Pune

Work on ISO 27001 & NIST based Information Security Management System implementation and sustenance.

-          Responsible for SOX (IT Security Controls) and track the monthly/quarterly/annual control reports and drive effectiveness of SOX controls.

-          Work on Business Continuity Planning, IT Disaster Recovery as per ISO27001 & NIST requirements

-          Assess information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk

-          Conduct Information Systems audits covering IT infrastructure assets

-          Working knowledge in security domains such as: security governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection

-          Experience in leveraging industry standards and frameworks such as ISO/IEC 27001, NIST CSF/800-171, etc.

-          Possesses certifications such as ISO27001 LA. CISSP, CISA certification- preferred

Why NCG?

WHO WE ARE DRIVES WHAT WE DO!

We Don't build the organization; we create an everlasting family. Our people express a sense of winning together when times are good and sticking together when times are tough.

Are you a Doer or Achiever?

Well, at NCG, our doors are Open for Doers and Achievers alike. We are a Cult where we create, innovate, learn and Contribute in a comfortable, transparent, and fair environment.

Joining NCG means contributing to a shared ambition for reliable work culture, tackling extraordinary technological challenges in multicultural teams, preserving your work/life balance, and more!