ISO 27001 Manager
Date: 29 Apr 2026
Location: EG
Company: CREDIT GUARANTEE COMPANY S.A.E
Job Purpose
To lead the development, implementation, and continuous improvement of the organization’s Information Security Management System (ISMS) and governance framework, ensuring alignment with business objectives, regulatory requirements, and industry best practices. This role provides strategic oversight, drives risk management and compliance initiatives, and establishes a culture of accountability, security awareness, and operational excellence across the enterprise. The Head of ISMS & Governance acts as the key authority on information security policies, standards, controls, and audits, reporting directly to senior leadership and supporting informed decision-making at the organizational level.
ACCOUNTABILITIES
Develop and maintain the ISMS framework in line with ISO 27001 and best practices.
Manage the ISMS lifecycle (scope, risk assessment, controls, monitoring, and improvement).
Maintain ISMS documentation (policies, procedures, standards, SoA) and ensure compliance.
Coordinate internal and external ISO 27001 audits and certification activities.
Track audit findings, nonconformities, and corrective actions to closure.
Maintain risk registers and ensure implementation of risk treatment plans.
Develop and maintain Information Security Policies, Standards, and Procedures.
Ensure alignment with business and regulatory requirements.
Manage document control and versioning.
Support governance meetings and follow up on actions.
Coordinate with IT, Risk, Compliance, Audit, Legal, and Business Units.
Identify and assess information security and technology risks.
Maintain risk registers and monitor remediation plans.
Ensure third-party risk assessments and controls are in place.
Align cybersecurity risks with enterprise risk management.
Ensure compliance with relevant laws, regulations, and standards.
Support ISO 27001, NIST CSF, GDPR, and similar frameworks.
Manage audit evidence and compliance documentation.
Ensure continuous compliance with certification requirements.
Act as main contact for security and compliance audits.
Support audit preparation and provide required evidence.
Track and close audit findings and remediation actions.
Perform periodic control reviews.
Support security awareness programs.
Ensure employees understand security policies and responsibilities.
Conduct targeted training for high-risk teams.
Manage third-party risk assessments and monitoring.
Ensure vendors comply with security requirements and contracts.
Conduct due diligence for suppliers.
Develop KPIs and KRIs for security governance.
Report ISMS status, risks, and compliance to management.
Track audit issues, exceptions, and corrective actions.
Internal: Business Unit Directors, IT Operations, Risk Management, Internal Audit, Compliance & Legal
External: ISO Certification Bodies, External Auditors, Regulators (e.g., CBE), Vendors, Consultants
Position Requirements
· Educational Requirements: Bachelor’s degree in Information Security, Computer Science, IT, Risk Management, or equivalent.
· Special Certification or Training Required: ISO 27001 Lead Implementer or Lead Auditor, CISSP, CISM, CRISC, or other security governance/GRC certifications.
· Required Industry Experience: 7 years overall, with a minimum of 3 years in Information Security, Governance, GRC, or ISMS.
· Experience with ISO 27001 implementation or maintenance is required.