Information Security Auditor
Apply Now
Home Jobs Cybersigma Consulting Services Llp Information Security Auditor

Information Security Auditor

Date Posted
14 July 2026
Location
Noida
Positions
1
Views
1
Employment Information
Open Positions
1
Location
Noida
Address
Noida
Experience
5 Years
Functional Area
Design
Job Description

Role: Information Security Auditor

Industry Type: Emerging Technologies (Cybersecurity)

Department: IT & Information Security

Employment Type: Full Time, Permanent

Role Category: IT Security

UG: B.C.A. in Cybersecurity, B.Tech / B.E. in Any Specialization

Information Security Auditor and Compliance Implementer

Position Overview

Cyber Sigma is looking for an experienced Information Security Auditor and Compliance Implementer who can conduct information security audits while also helping clients implement the required security controls, policies, processes and evidence-management mechanisms.

This role requires both audit knowledge and practical implementation capability. The candidate must be able to understand a clients business and technology environment, identify compliance gaps, recommend corrective actions and support the organization until audit readiness or certification is achieved.

Key Responsibilities

Information Security Auditing

  • Conduct information security, cybersecurity, privacy and regulatory compliance audits.
  • Perform initial scoping and applicability assessments.
  • Conduct interviews with business, IT, security, HR, legal, finance and operations teams.
  • Review policies, procedures, technical configurations, logs, records and supporting evidence.
  • Perform control design and operating-effectiveness assessments.
  • Identify control gaps, nonconformities, observations and improvement opportunities.
  • Prepare detailed audit findings with risk ratings, root causes and recommended corrective actions.
  • Conduct opening meetings, walkthroughs, status meetings and audit closure meetings.
  • Prepare audit reports, compliance reports, management summaries and evidence registers.
  • Track corrective and preventive actions until closure.
  • Support internal audits, external audits, surveillance audits and certification audits.

Compliance Implementation

  • Help clients establish information security and compliance programs.
  • Develop and implement policies, standards, procedures, guidelines and templates.
  • Create compliance implementation plans and remediation roadmaps.
  • Assist clients in defining the scope of their ISMS, PCI DSS, SOC or regulatory compliance program.
  • Conduct risk assessments, business impact assessments and control-gap assessments.
  • Develop risk-treatment plans and track remediation activities.
  • Establish asset inventories, risk registers, vendor registers and compliance registers.
  • Define roles, responsibilities and governance committees.
  • Implement incident-management, change-management, access-control and vulnerability-management processes.
  • Support evidence collection and audit-readiness activities.
  • Conduct employee awareness sessions and control-owner training.
  • Coordinate with technical teams for remediation of infrastructure, application, cloud and network findings.
  • Support clients in maintaining ongoing compliance after certification.

Framework Knowledge

The candidate should have practical experience in several of the following:

  • ISO/IEC 27001
  • ISO/IEC 27002
  • ISO 22301
  • ISO 20000-1
  • PCI DSS
  • SOC 1 and SOC 2
  • GDPR
  • Indian Digital Personal Data Protection requirements
  • NIST Cybersecurity Framework
  • NIST SP 800-53
  • CIS Controls
  • RBI cybersecurity requirements
  • SEBI cybersecurity requirements
  • IRDAI information-security requirements
  • CERT-In directions
  • Third-party risk management
  • Cloud security and privacy compliance

Technical Understanding

  • Identity and access management
  • Active Directory and privileged-access management
  • Network security and firewall configurations
  • Endpoint detection and response
  • Vulnerability assessment and penetration testing
  • Security information and event management
  • Cloud security
  • Backup and disaster recovery
  • Encryption and key management
  • Secure software development
  • Change and patch management
  • Incident detection and response
  • Logging and monitoring
  • Vendor and supply-chain security

Required Qualifications

  • BachelorÆs degree in Computer Science, Information Technology, Cybersecurity or a related discipline.
  • Three to eight years of experience in information security auditing, implementation or compliance consulting.
  • Strong documentation, report-writing and stakeholder-management skills.
  • Ability to independently manage multiple client assignments.
  • Ability to translate regulatory requirements into practical controls.
  • Willingness to travel to client locations when required.

Preferred Certifications

One or more of the following certifications would be preferred:

  • ISO 27001 Lead Auditor
  • ISO 27001 Lead Implementer
  • CISA
  • CISSP
  • CISM
  • PCI Professional qualification
  • ISO 22301 Lead Auditor or Lead Implementer
  • Certified Data Privacy Professional
  • SOC 2 or third-party assurance experience

Key Performance Indicators

  • Percentage of audits completed within the agreed timeline.
  • Quality and accuracy of audit reports.
  • Number of findings successfully closed.
  • Client audit-readiness success rate.
  • Client satisfaction score.
  • Timeliness of evidence review.
  • Effectiveness of implementation recommendations.
  • Percentage of compliance projects completed within scope and budget.
  • Reuse and standardization of templates and implementation assets.

Practical Interview Assessment

Candidates may be asked to:

  1. Conduct a sample control-gap assessment.
  2. Draft an audit finding with risk, evidence, root cause and recommendation.
  3. Prepare an ISO 27001 or PCI DSS implementation roadmap.
  4. Review sample evidence and determine whether it is sufficient.
  5. Explain how they would manage a difficult control owner or delayed remediation.
Share this job: