Conduct audits and assessments of IT systems and processes to ensure compliance with ISO 27001 standards and other regulatory requirements.
Identify gaps and areas for improvement in IT compliance and governance practices related to ISO 27001 and develop strategies to address them.
Implement controls and measures to mitigate risks and ensure the security and integrity of IT systems and data in accordance with ISO 27001 requirements.
Develop and maintain IT policies, procedures, and documentation aligned with ISO 27001 standards and best practices.
Provide guidance and support to cross-functional teams on compliance-related matters, including ISO 27001 requirements and internal policies.
Collaborate with stakeholders to develop and implement IT compliance training programs for employees, focusing on ISO 27001 awareness and best practices.
Monitor and track compliance activities, including audits, assessments, and remediation efforts related to ISO 27001, and report findings to management.
Stay abreast of developments in ISO 27001 standards and other regulatory requirements related to IT compliance and governance.
Assist with responding to compliance inquiries and requests from internal and external stakeholders, including ISO 27001 certification audits.
Participate in IT projects and initiatives to ensure compliance considerations related to ISO 27001 are addressed throughout the project lifecycle.
Qualifications:
Bachelor’s degree in Computer Science, Information Technology, or a related field. Advanced degree or relevant certifications (e.g., CISA, CISSP, ISO 27001 Lead Auditor/Implementer) preferred.
Proven experience (X years) working in IT compliance, governance, or a related field, with a focus on ISO 27001 standards.
Strong understanding of the ISO 27001 framework, its requirements, and its implementation guidelines.
Experience conducting IT audits, risk assessments, and gap analyses related to ISO 27001 compliance.
Knowledge of IT security principles, practices, and technologies, with a focus on ISO 27001 controls.
Excellent analytical skills and attention to detail, with the ability to identify compliance issues and develop effective solutions.
Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and communicate complex technical concepts to non-technical stakeholders.
Ability to work independently and manage multiple tasks and priorities effectively in a fast-paced environment.
Proficiency in MS Office suite and IT governance tools/software.
Familiarity with other regulatory frameworks such as GDPR, HIPAA, or SOX is a plus.