Manager- ISO 27001 and SOC 2 Audits (FEMALE)

Position Summary

• The position is a member of Risk & Compliance org within HCL Technologies. The DCO will be aligned to critical service delivery engagements and will be responsible for ensuring compliance in accordance to client, organizational & regulatory security requirements.

Key Responsibilities -

Perform the following functions :

Lead and manage the internal assessment program, ensuring effective facilitation of assessments. Oversee the program's execution and conduct control testing aligned with established frameworks and standards, including ISO 27001, ISO 22301, ISO 27701, SOC 1 & SOC 2.

Maintain and update the enterprise risk register, ensuring accuracy and completeness of risk data, and develop consolidated risk views for reporting and analysis.

Design and prepare risk dashboards to visualize key metrics and trends, and present comprehensive status reports to senior management as part of the internal risk assessment program

Perform assessments of the in-scope facilities against relevant standards such as ISO 27001, ISO 22301, SOC.

Collaborate closely with various stakeholders to support the entire certification lifecycle.

Engage with relevant stakeholders to manage compliance requirements through awareness initiatives and regular interactions, ensuring users understand and comply with necessary procedures to maintain security.

Identify gaps and non-compliances, and work with relevant stakeholders to ensure timely resolution

Promote a risk-aware culture throughout the organization.

Assist in scoping and develop a calendarized schedule of activities for regular monitoring.

Adhere to a defined escalation matrix to manage identified risks.

Coordinate and facilitate to third parties for external audits.

Stay informed about the latest information security trends and threat landscapes to take proactive measures during assessments.

Keep management informed of critical issues that may impact customers, suppliers, or the company.

Introduce efficiencies to enhance existing programs.

Actively participate in other projects / initiatives as required.

Mandatory knowledge or skills -

Candidates should possess prior relevant experience in risk and compliance, along with appropriate certifications. Experience in handling ISO 27001, SSAE, and PCI requirements across various industries is preferable.

Additional experience with other standards and assessments such as ISO 27701, ISO 42001 and ISO 22301 is advantageous. A foundational understanding of regulatory and statutory compliance is essential.

Experience in managing merger and acquisition activities from an information security perspective is desirable. Candidates are expected to have 10 years of relevant experience in information systems audit / assessment and risk management (including risk assessment and remediation).

Sound knowledge of management reporting and dashboard creation is required.

Proficiency in independently handling projects with strong interpersonal and excellent communication skills is necessary. Candidates should demonstrate strong analytical, Familiarity and experience with managing small to medium initiatives, including timelines, status, interdependency, and risk management, is essential.

The candidate should be adept at assisting with the management of stakeholder needs and expectations, providing consistent and regular communications with support from management.

The ability to effectively balance multiple tasks through careful prioritization and to work collaboratively with others to produce a quality work product is required.

Education Qualification -

Bachelor’s Degree - BE / B Tech / B.Sc, Master degree in any domain, preferably in Information Technology or Computer Science

Certifications Preferred-

Security Certifications like CISA / CRISC / ISO27001

Attributes of Ideal Candidate –

Atleast 10 years’ experience, Relevant or minimum 8-10 years of experience in in the field of ISO 27001 & SSAE 18 / assessment and Risk management (risk assessment and remediation)

We are eager to discuss how your leadership skills and vision align with our organizational goals. Thank you once again for your interest in joining HCLTech.

Strong analytical, problem solving, organizational, documentation; time management skills.

Candidate assists with management of stakeholder needs and expectations while providing consistent and regular communications with support from management

Candidate is able to effectively balance multiple tasks through careful prioritization

Candidate is able to work collaboratively with others to produce a quality work product

Proven ability to communicate with multiple stakeholders

Proven ability to manage output from multiple teams

Excellent spoken and written English

Good Report Writing and Analytical Skills

Proficient in MS Office

Good in Data Analytics, MIS, Inferences and self-scrutiny for continuous improvement