IT Auditor – ISO 27001

A-LIGN India - Remote 1 day ago

healthcare

About the Role

The ISO Lead Auditor works independently and collaboratively to lead and execute Stage 1 audits for clients preparing for certification. In this role, you will be responsible for assessing readiness, identifying gaps, and ensuring alignment with information security and privacy management standards.

Reports to: Managing Consultant

Pay Classification: Full-Time

Responsibilities

Review the client’s documented Information Security Management System (ISMS) and Privacy Information Management System (PIMS)
Evaluate the scope of the management system, including boundaries, applicability, and exclusions
Assess the client’s understanding of ISO/IEC 27001 and ISO/IEC 27701 requirements, including risk assessment and treatment processes
Verify that internal audits and management reviews have been planned and/or conducted
Confirm the allocation of resources and roles for implementing and maintaining the ISMS/PIMS
Identify areas of concern that could be classified as nonconformities in Stage 2
Determine the client’s readiness for Stage 2 audit and provide recommendations
Analyze policies, procedures, risk registers, asset inventories, and data flow diagrams
Ensure documentation aligns with clauses and controls in Annex A of ISO/IEC 27001 and Annex B of ISO/IEC 27701
Evaluate risk assessment methodology and risk treatment plans
Review Statement of Applicability (SoA) and control implementation
Assess alignment with clauses 4–10 (context, leadership, planning, support, operation, performance evaluation, and improvement)
Assess mapping of privacy controls to applicable jurisdictions
Review roles of PII Controllers and PII Processors
Evaluate privacy risk assessments and data subject rights handling
Prepare detailed Stage 1 audit reports with findings, observations, and recommendations
Communicate audit outcomes to clients and internal stakeholders
Collaborate with the audit team to plan Stage 2 activities based on Stage 1 results

Minimum Qualifications

EDUCATION

Bachelor’s Degree in Information Security or related discipline, preferred but not required

EXPERIENCE

Minimum 2-3 years of experience conducting ISMS/PIMS audits
Strong understanding of data protection regulations (e.g., GDPR, CCPA)

CERTIFICATIONS

Certified Lead Auditor in ISO/IEC 27001 and ISO/IEC 27701

SKILLS

Ability to meet deadlines with a high degree of motivation
Excellent analytical, communication, and report-writing skills
Thrives in a fast-paced environment
Ability to work individually as well as collaboratively

Benefits

Healthcare, Dental, and Vision Benefits
Employer Paid Personal Accident Insurance
Competitive Bonus Structure
Home Office Reimbursement
Certification Reimbursement
Personalized Career Coaching
Paid Office Closure December 25-January 1
Generous Paid Time Off
Summer Hours

About A-LIGN

A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com.