Description:
Job Responsibilities:
Internal Audit:
Develop an annual audit plan based on a thorough risk assessment and in alignment with organizational goals and regulatory requirements.
Lead and coordinate internal audit engagements to evaluate the effectiveness of GRC controls, policies, and procedures around ISO 27001, ISO 27701, NIST 800-53, PCI DSS, SOC 2 and IRAP.
Conduct audits across various departments and functions to assess compliance with company policies, industry standards, and regulatory requirements.
Identify and assess key risks related to governance, risk management, and compliance.
Collaborate with stakeholders to develop risk mitigation strategies and action plans.
Monitor and report on the implementation of risk mitigation initiatives to ensure effectiveness.
Ensure compliance with relevant laws, regulations, standards, and internal policies. Focus on SOC2, ISO 27001, ISO 27701, PCI DSS, HIPAA, NIST and IRAP.
Stay abreast of regulatory changes and industry trends to update audit procedures and compliance programs accordingly.
Provide guidance and support to business units on compliance-related matters.
Prepare clear and concise audit reports detailing findings, recommendations, and corrective actions.
Present audit findings and recommendations to senior management and audit committee members.
Facilitate discussions with stakeholders to address audit findings and promote continuous improvement in GRC practices.
Supervise and mentor audit team members, providing guidance and professional development opportunities.
Foster a culture of integrity, accountability, and continuous learning within the audit team.
Conduct performance evaluations and provide constructive feedback to team members.
PCI/DSS
Conduct thorough assessments and audits of systems, processes, and controls to evaluate compliance with PCI/DSS (Payment Card Industry Data Security Standard) requirements.
Identify gaps, vulnerabilities, and areas of non-compliance, and provide recommendations for remediation.
Prepare detailed assessment reports documenting findings, observations, and recommendations for improving PCI/DSS compliance.
Communicate assessment results to clients, including technical and non-technical stakeholders, in a clear and understandable manner.
Provide expert guidance and advisory services to clients on PCI/DSS requirements, controls, and best practices.
Assist clients in developing and implementing remediation plans to address identified compliance deficiencies.
Assess and evaluate risks associated with payment card data processing and storage within client environments.
Recommend risk mitigation strategies and controls to enhance security posture and compliance with PCI/DSS standards.
Collaborate effectively with clients, internal teams, and external auditors to facilitate the PCI/DSS assessment process.
Serve as a trusted advisor and subject matter expert on PCI/DSS compliance matters.
ISO 27001:
Lead the implementation of the ISO 27001/27701 standard across the organization, including scoping, planning, and executing ISMS initiatives.
Develop and maintain project plans, timelines, and deliverables to ensure successful implementation of ISO 27001/27701 requirements.
Conduct comprehensive risk assessments to identify information security risks and vulnerabilities.
Develop risk treatment plans and controls to mitigate identified risks in alignment with ISO 27001/27701 guidelines.
Develop, review, and update information security policies, procedures, and guidelines to comply with ISO 27001/27701 standards.
Ensure policies and procedures are communicated effectively to all employees and stakeholders.
Develop and deliver training programs on information security policies, procedures, and best practices for employees and stakeholders.
Promote awareness of information security requirements and responsibilities throughout the organization.
Plan and conduct internal audits of the ISMS to assess compliance with ISO 27001/27701 standards and organizational policies.
Monitor and track corrective and preventive actions (CAPAs) to address audit findings and improve ISMS effectiveness.
Maintain documentation of ISMS activities, including risk assessments, policies, procedures, audit reports, and records of compliance activities.
Prepare regular reports and presentations for senior management on the status of ISMS implementation, compliance, and improvement initiatives.
SOC2
IRAP
HIPAA
Qualifications:
Bachelor's degree in Accounting, Finance, Business Administration, or a related field. Advanced degree (e.g., MBA, Master of Accounting) preferred.
Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or similar certification preferred.
Certified Information Systems Security Professional (CISSP), Certified PCI-DSS Professional (PCIP), or similar certifications highly desirable.
Minimum of 8+ years of experience in internal auditing, with specific experience in GRC audit management.
Certified Information Security Manager (CISM), or ISO 27001 Lead Auditor/Implementer certification required.
Minimum of 8+ years of experience in implementing and managing Information Security Management Systems (ISMS) based on ISO 27001/27701 standards.
Strong understanding of ISO 27001/27701 requirements, controls, and implementation best practices.
Strong understanding of governance frameworks, risk management practices, and regulatory requirements.
Excellent analytical skills and attention to detail.
Effective communication skills, with the ability to interact confidently with stakeholders at all levels of the organization.
What We Offer:
Exciting Projects: We focus on industries like high-tech, communication, media, healthcare, retail and telecom. Our customer list is full of fantastic global brands and leaders who love what we build for them.
Collaborative Environment: You can expand your skills by collaborating with a diverse team of highly talented people in an open, laid-back environment, or even abroad in one of our global centers or client facilities!
Work-Life Balance: GlobalLogic prioritizes work-life balance, which is why we offer flexible work schedules, opportunities to work from home, and paid time off and holidays.
Professional Development: Our dedicated Learning & Development team regularly organizes communication skills training (GL Vantage, Toast Master), a stress management program, professional certifications, and technical and soft skill training.
Excellent Benefits: We provide our employees with competitive salaries, family medical insurance, Group Term Life Insurance, Group Personal Accident Insurance, NPS (National Pension Scheme), periodic health awareness programs, extended maternity leave, annual performance bonuses, and referral bonuses.
Fun Perks: We want you to love where you work, which is why we host sports events, cultural activities and corporate parties, and offer food at subsidised rates. Our vibrant offices also include dedicated GL Zones, rooftop decks and the GL Club, where you can drink coffee or tea with your colleagues over a game of table, and we offer discounts for popular stores and restaurants!
About GlobalLogic:
GlobalLogic is a leader in digital engineering. We help brands across the globe design and build innovative products, platforms, and digital experiences for the modern world.
By integrating experience design, complex engineering, and data expertise, we help our clients imagine what's possible and accelerate their transition into tomorrow's digital businesses.
Headquartered in Silicon Valley, GlobalLogic operates design studios and engineering centers around the world, extending our deep expertise to customers in the automotive, communications, financial services, healthcare and life sciences, manufacturing, media and entertainment, semiconductor, and technology industries.
GlobalLogic is a Hitachi Group Company operating under Hitachi, Ltd. (TSE: 6501) which contributes to a sustainable society with a higher quality of life by driving innovation through data and technology as the Social Innovation Business.