ISO Consultant

Enactor LTD
Full-time · Colombo, Sri Lanka

ISO 27001 Consultant

Full time

On-site (full-time)

Level: Senior Manager

About Enactor

Enactor is a successful and growing software company providing enterprise systems to leading retailers world-wide. Enactor systems drive the in-store, mobile and online channels that make up a modern unified commerce experience.

Our head office is in Hertford, UK and we have offices in Colombo, Galle and Kandy with about 200 staff and counting.

With the vision to penetrate new markets aggressively, we are en route to building an exceptional marketing team to support the initiative. This is your opportunity to join a highly collaborative, dynamic team and earn in GBP!

Job Role:

As an ISO 27001 Consultant, you will play a critical role in safeguarding the organisation’s information assets by ensuring compliance with ISO 27001 standards. You will lead the development and implementation of an ISMS, conduct risk assessments, and perform internal audits. Your expertise will guide the organisation in maintaining the highest level of information security, thereby enhancing trust and credibility with clients and stakeholders. Your proactive approach to continuous improvement and stakeholder engagement will be pivotal in fostering a robust security culture within the organisation.

Key Responsibilities:

  • Formulate and execute a detailed plan for ISO27001:2022 certification, incorporating the latest standards and practices.
  • Assume the role of project manager, overseeing the project timeline and coordination across departments to meet critical milestones.
  • Provide expert advice on ISO27001, training staff on its standards and the significance of robust information security management.
  • Carry out internal readiness audits to evaluate compliance with ISO27001 standards, pinpointing areas for enhancement.
  • Create and maintain the ISMS, ensuring it aligns with ISO27001 requirements and is tailored to our operational context.
  • Develop, review, and update information security policies, processes, procedures, standards, baselines and guidelines essential for achieving and maintaining certification.
  • Regularly report to senior management and stakeholders on the certification journey and the effectiveness of the ISMS.

Risk Assessment and Management

  • Continuously assess and reassess risks to information assets.
  • Keep vigilant for emerging threats and vulnerabilities and update risk treatment strategies accordingly.
  • Develop risk treatment plans to mitigate identified risks.
  • Monitor and review the effectiveness of risk treatment measures.

Compliance and Audit

  • Perform internal audits to assess compliance with ISO 27001 standards.
  • Facilitate the external certification process, preparing all necessary documentation and evidence for auditors.
  • Ensure continuous compliance with legal, regulatory, and contractual requirements.

Training and Awareness

  • Conduct training sessions and awareness programs for employees on information security practices.
  • Promote a culture of information security throughout the organisation. Encourage reporting of security incidents, and ensure information security is a core part of the organisation’s values.

Continuous Improvement

  • Monitor and review the ISMS to ensure it remains effective and up to date.
  • Identify opportunities for improvement and implement necessary changes.
  • Drive continuous improvement of the ISMS, adapting to new security challenges and changes in business operations.
  • Define key performance indicators (KPIs) to measure the effectiveness of the implemented controls and processes. Regularly monitor and evaluate the ISMS to identify areas for improvement.
  • Engage with senior/exec management in reviewing the ISMS performance, identifying opportunities for improvement, and ensuring ongoing compliance with ISO 27001.

Qualifications:

Educational Background

  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field.
  • Relevant certifications such as ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, CISSP, CISM, or equivalent.

Experience

  • Proven experience in implementing and managing an ISO 27001 compliant ISMS.
  • Experience conducting risk assessments and internal audits.
  • Knowledge of other relevant standards and frameworks (e.g., NIST, GDPR).

Skills and Competence

  • Strong understanding of information security principles and practices.
  • Excellent analytical and problem-solving skills.
  • Ability to communicate complex security concepts to non-technical stakeholders.
  • Strong project management and organisational skills.
  • Proficiency in using various security tools and technologies.

Note: Only shortlisted candidates will be contacted.

Apply only if you are willing to work full-time on-site.
