ISMS Manager

Bangalore (SDC) - Bagmane Tech Park

PwC

We are a community of solvers combining human ingenuity, experience and technology innovation to help organisations build trust and deliver sustained outcomes.


Line of Service

Internal Firm Services

Industry/Sector

Not Applicable

Specialism

IFS - Information Technology (IT)

Management Level

Manager

Job Description & Summary

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice and solutions. Those in governance, risk, controls and compliance are responsible for confirming regulatory compliance and managing risks for clients, helping organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively.

Enhancing your leadership style, you motivate, develop and inspire others to deliver quality. You are responsible for coaching, leveraging team members' unique strengths, and managing performance to deliver on client expectations. With your growing knowledge of how business works, you play an important role in identifying opportunities that contribute to the success of our Firm. You are expected to lead with integrity and authenticity, articulating our purpose and values in a meaningful way. You embrace technology and innovation to enhance your delivery and encourage others to do the same.

Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:

  • Analyse and identify the linkages and interactions between the component parts of an entire system.

  • Take ownership of projects, ensuring their successful planning, budgeting, execution, and completion.

  • Partner with team leadership to ensure collective ownership of quality, timelines, and deliverables.

  • Develop skills outside your comfort zone, and encourage others to do the same.

  • Effectively mentor others.

  • Use the review of work as an opportunity to deepen the expertise of team members.

  • Address conflicts or issues, engaging in difficult conversations with clients, team members and other stakeholders, escalating where appropriate.

  • Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements.

The ISMS manager will:

   - Oversee the development, implementation, and continual improvement of the ISMS in accordance with ISO/IEC 27001 and other relevant standards.

   - Ensure the ISMS is aligned with the organization's strategic objectives and risk management framework.

   - Conduct regular risk assessments and maintain risk treatment plans to identify, evaluate, and mitigate information security risks.

   - Develop, implement, and maintain information security policies, procedures, and guidelines.

   - Ensure compliance with relevant legal, regulatory, and contractual requirements related to information security.

   - Coordinate internal and external audits to maintain ISO/IEC 27001 certification and address any non-conformities.

   - Develop and manage an incident response plan to effectively address and mitigate security incidents.

   - Promote information security awareness across the organization through training programs and awareness campaigns.

   - Communicate effectively with senior management and other stakeholders about information security issues, risks, and initiatives.

   - Provide regular reports on the performance of the ISMS and the security posture of the organization.

   - Drive continuous improvement of the ISMS through regular reviews, feedback, and implementation of best practices.

   - Monitor industry trends and emerging threats to ensure the organization's information security measures remain effective and up to date.

We are seeking a highly skilled and experienced manager to join our Information Security Management System (ISMS) team. The successful candidate will play a crucial role in maintaining and enhancing our ISMS framework, ensuring compliance with ISO/IEC 27001 and with client contractual security requirements, and supporting the overall cybersecurity posture of the organization. This position requires a strong understanding of information security principles, risk management, information security best practices and regulatory requirements.

- Manage the strategy, development, implementation, and maintenance of the organization's ISMS in accordance with ISO/IEC 27001.

- Conduct and manage regular reviews and updates of ISMS policies, procedures, and documentation to ensure ongoing compliance and effectiveness.

- Manage internal and external ISMS audits, including audit preparation, evidence collection, and remediation of findings.

- Conduct risk assessments to identify, analyze, and evaluate information security risks across people, processes and technologies.

- Develop and implement risk treatment plans to mitigate identified risks.

- Monitor and report on the effectiveness of risk treatment measures.

- Manage information security awareness and training programs for employees, contractors, and third parties.

- Manage information security incidents working with different stakeholders for effective remediation.

- Manage compliance with relevant information security laws, regulations, and standards for the organization.

- Conduct regular security reviews and assessments to identify and address potential vulnerabilities and threats.

- Manage key performance indicators (KPIs) and metrics to track the effectiveness of the ISMS.

- Collaborate with cross-functional teams to integrate information security requirements into business processes and projects.

- Provide expert advice and guidance on information security best practices.

- Prepare and present reports on information security activities and risks to senior management; experience managing a team is preferable.

- Manage SOC 2 attestation for the organization by working with key stakeholders.

- Manage periodic audit calendar for the client projects and clean rooms.

- Bachelor’s degree in information security, Computer Science, or a related field.

- A minimum of 9-10 years of experience in information security, with at least 3-4 years focused on ISMS and ISO/IEC 27001.

- At least one certification such as CISSP, CISM, ISO/IEC 27001 Lead Auditor/Implementer, or equivalent is required.

- Strong understanding of information security principles, risk management, and regulatory requirements.

- Experience in conducting risk assessments, internal and external audits, and incident response.

- Excellent communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels.

- Strong analytical and problem-solving skills, with a keen attention to detail.

- Experience in developing and delivering security awareness and training programs.

- Familiarity with other information security frameworks and standards (e.g., NIST, COBIT, GDPR).

- Knowledge of current cybersecurity threats, vulnerabilities, and mitigation strategies.

  • Overall minimum of 8 – 10 years of experience.

  • Bachelor's degree; relevant certifications such as CISSP, CISM, or ISO/IEC 27001 Lead Auditor/Implementer are preferred.

  • 5 – 6 years of experience managing an information security team, with the ability to lead cross-functional teams and manage projects effectively.

  • Strong understanding of information security principles, ISO/IEC 27001, and risk management.

  • Excellent written and verbal communication skills to convey complex security concepts to both technical and non-technical audiences. Strong analytical and problem-solving abilities to assess risks and develop appropriate mitigation strategies.


Optional Skills

Accepting Feedback, Active Listening, Analytical Thinking, Business Decisions, Business Performance Management, C-Level Presentations, Coaching and Feedback, Communication, Compliance Frameworks, Compliance Policies, Compliance Program Implementation, Compliance Review, Controls Testing, Corporate Governance, Creativity, Embracing Change, Emotional Regulation, Empathy, External Audit, Finance Target Operating Model, Finance Transformation, Financial Reporting, Fraud Detection, Fraud Prevention {+ 22 more}

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No
