Process Quality Assurance (PQA & ISMS associate)

LOCATION: HANOI

Job Description

  • Operate and maintain the company’s Information Security Management System (ISMS) for an organization of approximately 300 employees in compliance with ISO/IEC 27001:2022 standards.
  • Develop, update, and manage all ISMS documentation, including policies, procedures, Statement of Applicability (SoA), risk register, risk treatment plan, and evidence repositories.
  • Conduct periodic information security risk assessments; maintain and update the risk register and risk treatment plan; monitor ISMS risk indicators and provide early warnings when thresholds are exceeded.
  • Plan and perform regular ISMS internal audits (every 3–6 months), including preparing audit checklists, documenting findings, and tracking corrective and preventive actions (CAPA) through closure.
  • Lead the annual ISO 27001 certification renewal process, including evidence preparation, coordination with certification bodies for external and surveillance audits, and follow-up on nonconformities until closure.
  • Organize information security awareness programs for all employees, including onboarding training; participate in information security incident analysis and response activities when required.
  • Collaborate with IT, HR, and the Board of Directors on security-related controls such as access control, physical security, supplier management, and asset management.
  • Participate in project process compliance audits as assigned by the PQA Leader; identify nonconformities and monitor improvement actions.
  • Proactively identify and escalate project issues and risks related to schedule, quality, and resource management; support project teams in resolving challenges.
  • Prepare periodic reports on project progress, quality, issues, and risks for management and department heads.

Requirements

  • Minimum 2 years of hands-on experience implementing and operating an ISMS based on ISO 27001 within an IT/software company.
  • Experience completing at least one full ISO 27001 internal audit cycle, including planning, execution, findings management, CAPA tracking, and audit closure.
  • Strong understanding of ISO/IEC 27001:2022, including Annex A controls, Statement of Applicability (SoA), risk registers, and risk treatment processes.
  • Experience supporting external certification audits and surveillance audits.
  • Knowledge of software development methodologies and processes, including SDLC, Agile/Scrum, and Waterfall.
  • Familiarity with ISO 9001 standards; knowledge of CMMI is an advantage.
  • ISO 27001 Internal Auditor or Lead Auditor certification (BSI, Bureau Veritas, TÜV, etc.) is preferred.
  • Strong analytical thinking, system-oriented mindset, and technical documentation skills.
  • Ability to work independently and manage multiple priorities effectively.
  • Good English reading and comprehension skills, particularly for ISMS documentation, audit checklists, and control mappings.

Benefits

Salary: Negotiable

  • 100% salary during probation period.
  • Performance reviews twice per year.
  • 13th-month salary and additional bonuses during public holidays and special occasions (International Workers’ Day, National Day, New Year, Lunar New Year, etc.).
  • Premium healthcare insurance and annual health check-ups.
  • Full statutory insurance coverage, including Social Insurance, Health Insurance, and Unemployment Insurance.
  • Annual company trip and quarterly team-building activities.
  • Birthday gifts and gifts on special occasions throughout the year.
  • Young, dynamic, and flexible working environment.
  • Working schedule: Monday to Friday with flexible check-in hours.

CONTACT