Infosec Compliance Specialist
Cairo, Cairo Governorate, Egypt
Advansys ESC
Solutions For A Radically Changing World making your business profitable for today & tomorrow Activating intelligent and sustainable solutions to drive business growth through cutting-edge technologies Global Workforce Powered by...
Job Role:
· Regularly assess the effectiveness of the ISMS by conducting internal audits. This involves evaluating compliance with ISO 27001 requirements and identifying areas for improvement.
· Perform risk assessments to identify vulnerabilities and ensure that appropriate controls are in place to mitigate these risks.
· Create detailed audit plans that outline the scope, objectives, and procedures for each audit.
· Record audit findings, including non-conformities and areas for improvement, and provide recommendations for corrective actions.
· Prepare and present audit reports to management, highlighting key findings and suggesting improvements.
· Work with various departments to implement corrective actions and continuously improve the ISMS.
· Identify any gaps in compliance and develop action plans to address them.
· Draft and implement security policies, processes and procedures as necessary to align with ISO 27001 standards.
· Ensure all security policies, processes and procedures are documented and accessible to relevant personnel.
· Establish and assess key performance indicators to measure the effectiveness and efficiency of the ISMS.
· Regularly track and analyze these KPIs to assess system performance.
· Prepare reports on ISMS performance metrics and present them to management.
· Regularly review and adjust KPIs to align with organizational goals and changes in the threat landscape.
· Conduct training sessions to educate employees about information security policies and best practices.
· Assist in developing awareness programs to keep information security top-of-mind for all staff.
Requirements
· A bachelor’s degree in information security, computer science, or a related field.
· At least five years of experience working with an ISMS management system.
· At least two years of experience leading ISMS management system certification.
· Deep understanding of ISO 27001 standards, information security principles, practices, and technologies.
· Ability to perform risk assessments, identify vulnerabilities, and evaluate the effectiveness of security controls.
· Obtaining certification as an ISO 27001 Lead Auditor or Lead Implementer is highly recommended.
· Other relevant certifications like CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) are highly recommended.
· Experience working with ISO 9001 is highly preferred.
Qualifications & Skills
· Ability to conduct internal audits and manage external certification audits.
· Able to manage the entire ISMS management system independently; leading and collaborating with other stakeholders to ensure the Information Security Management System (ISMS) is up-to-date and effective.
· Proficiency in developing and implementing security policies, processes and procedures.
· Experience in risk assessment and management, implementation planning, and audit processes.
· Leadership and project management skills to oversee the implementation and maintenance of the ISMS.
· Problem-solving abilities and a proactive approach to security challenges.
· Excellent communication and training skills to educate staff on security practices.
· Attention to detail and strong analytical skills.
Tags: Audits CISM CISSP Compliance Computer Science ISMS ISO 27001 KPIs Risk assessment Vulnerabilities