Risk, Quality and Compliance Lead

About The Position

Requirements

• Professional knowledge of ISO 27000 standards
• Professional knowledge of ISO 27001 implementation and auditing processes
• Knowledge of Risk Assessment and Treatment methodologies (e.g. ISO 27005, IRAM2, OCTAVE)
• Knowledge of business continuity and disaster recovery management
• Knowledge of information security regulations and standards
• Knowledge of ICT and security architecture
• Knowledge of project management concepts
• 3+ years of experience in management of cybersecurity and ISO 27001/ISMS
• Proven experience with development and management of ISMS
• Experience with project management and team organization

Nice To Haves

• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
• ISO/IEC 27001 Lead Implementer / Lead Auditor
• Certified Information Systems Auditor (CISA)

Responsibilities

• Responsibility for ISMS implementation and operations
• Conduct periodical reviews of the established ISMS and identify gaps and nonconformities
• Monitor, measure, evaluate, and continually improve the ISMS
• Approve key ISMS documents and communicate them to relevant users
• Define control owners and participate in control design
• Monitor control effectiveness across the organization
• Conduct periodical compliance and effectiveness assessments of the ISMS
• Manage remediation of ISMS gaps and nonconformities
• Liaise with corresponding teams to provide necessary evidence
• Report on ISMS status to the ISMS Owner and ISMS Committee
• Coordinate ISMS-related incidents
• Communicate ISMS-related topics across all ISMS team members

Benefits

• Variable incentive pay programs
• Comprehensive total rewards package
• Inclusive benefits
• Flexibility programs