Internal Security Auditor II

What Are We Looking For?

Contentstack is looking for an Internal Security Auditor.

Overview:

The Internal Security Auditor is responsible for maintaining and enhancing Contentstack’s security posture by conducting comprehensive audits and assessments. This role requires an understanding of security and control frameworks, such as SOC2, and ISO27001, their effective implementation, and the ability to translate complex technical information into actionable recommendations. The ideal candidate will be a strategic thinker with strong analytical skills and a proven track record in identifying and mitigating security risks.

Responsibilities:

• SOC2 and ISO27001 Compliance: Oversee the ongoing maintenance of SOC2 and ISO27001 certifications. Coordinate external audits and assessments to ensure compliance with relevant standards and regulations.
• Internal Control Effectiveness: Monitor and evaluate the effectiveness of internal controls related to information security. Identify control gaps and recommend enhancements to strengthen the overall security posture.
• Technical Evaluation: Possess the ability to evaluate technical evidence provided by internal teams, ensuring it aligns with audit objectives and industry standards.
• Audit Planning and Execution: Develop and execute audit plans, including defining objectives, scope, and methodology. 
• Report Writing and Communication: Prepare clear and concise audit reports, summarizing findings, recommendations, and action plans. Communicate effectively with both technical and non-technical stakeholders.
• Continuous Improvement: Stay up-to-date on industry best practices, emerging threats, and regulatory changes. Recommend process improvements to enhance audit efficiency and effectiveness.
• Customer Audits: When necessary, manage and coordinate customer audits, providing necessary documentation and support. Collaborate with cross-functional teams to address audit findings and implement corrective actions.
• GRC Tool Utilization: Leverage GRC tools to manage audit workflows, evidence collection, and reporting.

Qualifications:

• Minimum of 2 years of experience in information security auditing and compliance.
• Proven experience in a team working on SOC2 and ISO27001 audits.
• Strong understanding of information security principles, practices, and technologies.
• Excellent analytical and problem-solving skills.
• Strong attention to detail and organizational abilities.
• Excellent written and verbal communication skills.
• Ability to work independently and as part of a team.
• Understanding the SaaS business model and software development approach.
• Familiarity with one of the major cloud providers (AWS, Azure, GCP)
• Experience with GRC tools (e.g. Carbide, Drata, Vanta)
• Relevant certifications (CISA, IIA CIA) are a plus.

Experience: 2-8 years

Location: Pune/Mumbai/Bangalore