Process Quality Assurance (PQA)
Job Description
ISMS & Documentation
Develop and manage security policies, procedures, standards, and SOPs.
Build, maintain, and continuously improve ISMS documentation in alignment with ISO/IEC 27001 requirements.
Maintain ISMS artifacts including risk assessments, risk treatment plans, SoA, and records of controls.
Process & Compliance
Ensure ISMS processes are properly implemented, followed, and documented across teams.
Support the definition and improvement of internal processes related to information security and quality.
Monitor compliance with information security policies and procedures.
Audit & Assessment
Plan and conduct internal ISMS audits and follow up on corrective and preventive actions (CAPA).
Coordinate and support external ISO 27001 audits.
Track audit findings, nonconformities, and improvement actions until closure.
Risk & Awareness
Assist in maintaining the risk register and control effectiveness tracking.
Support information security risk assessment and risk treatment activities.
Support security awareness activities and ensure related records are properly maintained.
Collaboration & Reporting
Collaborate with Engineering, Product, and Operations teams to ensure ISMS requirements are understood and applied.
Prepare compliance reports, audit evidence, and management review materials.
Work closely with the Security (technical) team to align processes and controls with technical implementations.
Job Requirements
Experience & Background
2–4 years of experience in Quality Assurance, Process Management, Compliance, or ISMS-related roles.
Hands-on experience working with ISO/IEC 27001 (implementation, maintenance, or audit support).
Background in QA, process improvement, or internal audit is a plus.
Exposure to other standards or frameworks (ISO 9001, SOC 2, GDPR, etc.) is a plus.
Experience in software, SaaS, or product-based environments is preferred.
ISMS & Quality Knowledge
Experience in writing and maintaining policies, procedures, and compliance documentation.
Good understanding of ISO/IEC 27001 clauses and Annex A controls.
Familiarity with internal audit processes and corrective action management.
Skills
Ability to work independently and manage multiple ISMS tasks in parallel.
English level: Upper-Intermediate or above, capable of conducting ISO 27001 audits and compliance discussions fully in English.
Strong analytical, documentation, and organizational skills.
Good communication and collaboration skills.
Benefits
Salary: up to 30M
Ongoing professional growth opportunities.
Competitive compensation and benefits.
Collaborative and inclusive work culture.
Work on cutting-edge Shopify apps with a talented team.
Last updated: 2026-02-25 12:40:02

CÔNG TY CỔ PHẦN CÔNG NGHỆ SECOMUS








