We are looking for a motivated ISMS Manager, whose responsibilities will be to:
- Lead the management and operation of the Information Security Management System (ISMS) for ITS Global
- Review all ISMS policies, procedures and other core ISMS framework documents, such as the Statement of Applicability (SOA) and Catalogue of Documents (CoD), for all in-scope departments and ensure they are all updated.
- Manage the ISMS risk management program by reviewing all existing asset registers and risk registers.
- Collaborate with the ITS Global stakeholders and Information Protection Group (IPG) on a regular basis to ensure the ISMS operates smoothly and continuously improves.
- Conduct meetings with the Management Forum and Information Security Working Group (ISWG) and track the minutes of meetings and agenda.
- Liaise with external auditors from the certification agency (BSI) to ensure all scheduled surveillance audits are completed as planned.
- Manage all internal and external audit findings and ensure their remediation on an agreed schedule with the respective ITS Global portfolio managers.
- Drive continuous improvements of the ISMS by designing and implementing effective metrics.
- Support the various ISMS roles with their responsibilities as documented in the ISMS operations manual.
- Regularly review the scope of the ISMS and ensure it remains relevant for member firms, clients and regulators.
- Escalate risks and issues relating to the management and operation of the ISMS to ITS Global, Global CISO and other interested parties as appropriate.
- Keep the ISMS portal and documentation up to date.
- Manage ISMS communications
- Report ISMS status to ITS Global stakeholders and the Global CISO
- Collaborate with ITS Global Attestation (SOC2) team to efficiently coordinate ISO and SOC2 efforts.
What we are looking for in our new ISMS Manager:
- 6-8 years in information security, of which a minimum of 3 years of business experience in running an ISMS based on ISO27001:2013.
- Must be a certified lead implementer or a certified lead auditor on ISO27001:2013.
- Professional security qualifications such as CISSP and/or CISM preferred. Applicants must be willing to obtain certification if they are not already certified.
- Knowledge of the key principles and framework surrounding an Information Security Management System (ISMS), preferably along with other related frameworks like ISO27003, ISO27005, ISO27017 and ISO27018.
- Knowledge of System and Organization Controls (SOC2) reporting
- Good knowledge of regional issues and structures, ability to work with people from many different cultural backgrounds.
- Strong ability to multi-task and work independently within a global team
- Methodical approach to work, attention to detail and delivery of high quality results
- Excellent interpersonal and communication skills
- Fluent in English, other spoken languages a plus
- Holds a valid passport and able to travel periodically on business assignments
Education / Academics
- Minimum Bachelor’s degree from an accredited college / university (preferably in Computer Science, Computer Engineering, Information Security, Management Information Systems or other relevant field) – Masters (post-graduate) degree a plus.
More information and how to apply
Please apply via the button below. For questions, please contact the dedicated Recruitment Advisor, Maud van Turnhout at email@example.com.