AISB-490 Information Security Management System (ISMS) Lead

AbAKUS

  • Brussels
  • Permanent
  • Full-time
  • 30 days ago
Position Overview:
As the ISMS Lead, you will be responsible for the development, implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in alignment with the ISO/IEC 27001:2022 standard. Acting as the primary advisor and operational sounding board to the Chief Information Security Officer (CISO), you will play a pivotal role in ensuring the organization's security posture remains robust and compliant.
Key Responsibilities:
  • Drive the achievement of ISMS objectives as defined in the organization's security policy, in accordance with ISO/IEC 27001:2022.
  • Coordinate and conduct risk assessments, vulnerability audits, and security evaluations using the ISO 27005-based ISRM methodology.
  • Develop, maintain, and continuously improve the ISMS framework, documentation, policies, and procedures.
  • Support the CISO in:
      • Designing and implementing security strategies, objectives, roadmaps, and awareness programs.
      • Participating in executive meetings related to security policy.
      • Securing necessary resources and support for effective ISMS operation.
  • Collaborate with the Information Security Manager (ISM) on security budget planning and resource allocation.
  • Assist operational teams in developing and maintaining risk treatment plans and implementing security controls.
  • Guide departments in identifying and managing information security risks.
  • Monitor and report on the effectiveness of risk mitigation measures.
  • Manage and oversee the implementation of security controls and corrective actions in response to audit findings or incidents.
  • Capture and integrate security requirements and expectations from all relevant stakeholders.
  • Build strong relationships with internal stakeholders to ensure policies are understood and followed across the organization.
  • Stay informed about emerging threats, vulnerabilities, best practices, technologies, and regulations, and propose improvements to the ISMS accordingly.
Ideal Profile:
  • Proven experience in information security management and ISMS implementation.
  • Strong knowledge of ISO/IEC 27001:2022 and ISO 27005 standards.
  • Excellent communication, coordination, and project management skills.
  • Ability to work cross-functionally with technical and business teams.
  • Analytical mindset, attention to detail, and proactive approach.
