Process Quality Assurance (PQA & ISMS associate)
LOCATION: HANOI
Job Description
- Operate and maintain the company’s Information Security Management System (ISMS) for an organization of approximately 300 employees in compliance with ISO/IEC 27001:2022 standards.
- Develop, update, and manage all ISMS documentation, including policies, procedures, Statement of Applicability (SoA), risk register, risk treatment plan, and evidence repositories.
- Conduct periodic information security risk assessments; maintain and update the risk register and risk treatment plan; monitor ISMS risk indicators and provide early warnings when thresholds are exceeded.
- Plan and perform regular ISMS internal audits (every 3–6 months), including preparing audit checklists, documenting findings, and tracking corrective and preventive actions (CAPA) through closure.
- Lead the annual ISO 27001 certification renewal process, including evidence preparation, coordination with certification bodies for external and surveillance audits, and follow-up on nonconformities until closure.
- Organize information security awareness programs for all employees, including onboarding training; participate in information security incident analysis and response activities when required.
- Collaborate with IT, HR, and the Board of Directors on security-related controls such as access control, physical security, supplier management, and asset management.
- Participate in project process compliance audits as assigned by the PQA Leader; identify nonconformities and monitor improvement actions.
- Proactively identify and escalate project issues and risks related to schedule, quality, and resource management; support project teams in resolving challenges.
- Prepare periodic reports on project progress, quality, issues, and risks for management and department heads.
Requirements
- Minimum 2 years of hands-on experience implementing and operating an ISMS based on ISO 27001 within an IT/software company.
- Experience completing at least one full ISO 27001 internal audit cycle, including planning, execution, findings management, CAPA tracking, and audit closure.
- Strong understanding of ISO/IEC 27001:2022, including Annex A controls, Statement of Applicability (SoA), risk registers, and risk treatment processes.
- Experience supporting external certification audits and surveillance audits.
- Knowledge of software development methodologies and processes, including SDLC, Agile/Scrum, and Waterfall.
- Familiarity with ISO 9001 standards; knowledge of CMMI is an advantage.
- ISO 27001 Internal Auditor or Lead Auditor certification (BSI, Bureau Veritas, TÜV, etc.) is preferred.
- Strong analytical thinking, system-oriented mindset, and technical documentation skills.
- Ability to work independently and manage multiple priorities effectively.
- Good English reading and comprehension skills, particularly for ISMS documentation, audit checklists, and control mappings.
Benefits
Salary: Open to negotiation
- 100% salary during probation period.
- Performance reviews twice per year.
- 13th-month salary and additional bonuses during public holidays and special occasions (International Workers’ Day, National Day, New Year, Lunar New Year, etc.).
- Premium healthcare insurance and annual health check-ups.
- Full statutory insurance coverage, including Social Insurance, Health Insurance, and Unemployment Insurance.
- Annual company trip and quarterly team-building activities.
- Birthday gifts and gifts on special occasions throughout the year.
- Young, dynamic, and flexible working environment.
- Working schedule: Monday to Friday with flexible check-in hours.
CONTACT
- Send CV to: tuyendung@gem-corp.tech
- Hotline: +842466666100 (Recruitment Team)
- Facebook GEM Careers: https://www.facebook.com/tuyendungGEM
- LinkedIn GEM Careers: https://www.linkedin.com/company/gem-careers-hiring/