ISO - Quality Assurance

ISO Quality Assurance – INDIA BASED, REMOTE

At Prescient Security, we are on a mission to simplify security and compliance.

Our core values are:

• Bring Order to Chaos
• Be Accountable & See it Through
• 1000% With You
• Support & Collaborate
• Think Outside the Box

Essential Duties and Responsibilities:

• Developing QA Plans: Create and maintain QA frameworks, quality objectives, and assurance plans aligned with applicable standards (e.g., ISO 17021, ISO 27001).
• Defining Quality Criteria: Establish quality benchmarks, review criteria, and acceptance standards for audit processes and deliverables.
• Process Documentation Review: Review internal SOPs, audit methodologies, templates, and guidelines to ensure consistency and compliance
• Audit File Reviews: Perform independent reviews of audit files, reports, and documentation to ensure compliance with certification body requirements.
• Observer Audits: Conduct observer audits (remote/on-site) to evaluate auditor performance and adherence to audit methodologies.
• Sampling and Validation: Select samples of completed audits and validate adequacy of evidence, findings, and conclusions.
• Quality Gap Identification: Identify non-conformities, deviations, and areas of improvement in audit processes and outputs.
• QA Reports: Prepare detailed QA reports highlighting observations, risks, and improvement opportunities.
• Trend Analysis: Analyze recurring issues, systemic gaps, and performance trends across audits and auditors.
• CAPA Management: Ensure corrective and preventive actions (CAPA) are defined, implemented, and verified for effectiveness.
• Root Cause Analysis: Facilitate root cause analysis for major quality issues and systemic failures.
• Process Enhancement: Recommend improvements to audit methodologies, tools, templates, and internal processes.
• Standards Alignment: Ensure compliance with accreditation requirements (e.g., ISO 17021, ISO 19011) and internal policies.
• Accreditation Readiness: Support preparation for accreditation body assessments and surveillance audits.
• Regulatory Updates: Stay updated on changes in standards, accreditation rules, and industry best practices.
• Training Programs: Develop and deliver QA-related training for auditors and internal teams.
• Competency Evaluation: Support evaluation of auditor competence, performance, and qualification criteria.
• Guidance and Coaching: Provide constructive feedback and mentoring to auditors to improve quality.
• Complaint Handling: Review and investigate client complaints related to audit quality and certification decisions.
• Impartiality Assurance: Ensure impartiality and independence are maintained in all audit and certification activities.
• Escalation Management: Escalate critical quality risks to senior management.
• Cross-Functional Collaboration: Work with auditors, technical reviewers, and management to ensure consistent quality standards.
• Management Reporting: Provide periodic QA performance reports, KPIs, and dashboards to leadership.
• Policy Enforcement: Ensure adherence to internal quality policies across all teams.
• Continual Learning: Stay updated with evolving QA practices, ISO standards, and accreditation requirements.
• Certifications: Maintain relevant certifications (e.g., ISO standards, Lead Auditor, Internal Auditor, QA certifications).
• Best Practices Adoption: Benchmark and implement industry best practices in quality assurance.

Work Skills and Qualifications:

• Bachelor’s degree in information technology, Cybersecurity, Engineering, or a related field
• ISO/IEC 27001 Lead Auditor / Internal Auditor
• Knowledge or exposure to ISO 17021 requirements
• Relevant certifications such as:
  • CISA, CISSP, or equivalent (preferred but not mandatory)
• 3–8 years of experience in one or more of the following:
  • Information Security Management Systems (ISMS)
  • Internal/External audits (ISO 27001 or similar standards)
  • Certification body operations or accreditation support
  • IT audit, compliance, or risk management
• Strong understanding of:
  • ISO/IEC 27001 requirements and controls
  • ISO/IEC 17021 and accreditation requirements
  • ISO 19011 (auditing principles and practices)
  • Information Security frameworks (e.g., NIST, SOC 2)
  • Risk assessment and control evaluation techniques
  • Audit lifecycle, certification decision process, and compliance methodologies

NOTE: This job description is not intended to be all-inclusive. Employee may perform other related duties as negotiated to meet the ongoing needs of the organization.

Prescient Security provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age disability or genetics.