Practice Lead Director – ISO 27001

  • Full Time
  • Remote

Job Overview:

The Practice Lead Director for the ISO 27001 department is responsible for providing strategic
leadership and guidance for the organization's Information Security Management System (ISMS) based
on the ISO 27001 standard. This role involves overseeing the development, implementation, and
continuous improvement of information security policies, processes, and controls. The firm is planning
to expand into ISO 9001, so experience with that standard is a plus.

Key Responsibilities:
  • Strategic Leadership: Develop and execute a strategic vision for the ISO 27001 department, aligning it with the organization's business objectives.
  • ISMS Implementation: Lead the planning, implementation, and maintenance of the ISO 27001-compliant ISMS across the organization.
  • Risk Management: Identify, assess, and manage information security risks, and ensure that appropriate controls are in place to mitigate these risks.
  • Compliance: Ensure that the organization remains compliant with ISO 27001 standards and other relevant regulations and standards.
  • Policy Development: Develop and maintain information security policies, procedures, and guidelines, and ensure they are communicated and followed throughout the organization.
  • Training and Awareness: Provide training and awareness programs to educate employees and stakeholders about information security best practices.
  • Incident Response: Develop and oversee incident response plans and lead investigations and remediation efforts in the event of security incidents or breaches.
  • Vendor Management: Manage relationships with third-party vendors and assess their compliance with information security requirements.
  • Performance Monitoring: Establish key performance indicators (KPIs) and metrics to measure the effectiveness of the ISMS and report on its performance to senior management.
  • Continuous Improvement: Continuously assess and improve the organization's information security posture, processes, and controls.
  • ISO 17021 – Full understanding and application to the firm.
  • ISO 27006 – Full understanding and application to the firm.

  • Education: A bachelor's degree in information security, computer science, or a related field is typically required. A master's degree or relevant certifications (e.g., CISSP, CISM, ISO 27001 Lead Auditor) are often preferred.
  • Experience: Typically, 7-10 years of progressive experience in information security, including at least 3-5 years in a leadership or management role.

  • ISO 27001 Expertise: In-depth knowledge of the ISO 27001 standard and experience with its implementation and maintenance.
  • Risk Management: Strong understanding of information security risk management principles and practices.
  • Regulatory Knowledge: Familiarity with relevant data protection and privacy regulations (e.g., GDPR, HIPAA) and their implications for information security.
  • Leadership Skills: Excellent leadership and team management skills, including the ability to mentor and motivate staff.
  • Communication: Strong verbal and written communication skills to effectively convey information security concepts to both technical and non-technical stakeholders.
  • Analytical Skills: Strong analytical and problem-solving abilities to assess complex security issues and propose effective solutions.
  • Certifications: Relevant certifications, such as CISSP, CISM, ISO 27001 Lead Auditor/Implementer, are highly desirable.
  • Industry Knowledge: Knowledge of industry best practices and emerging trends in information
  • Project Management: Experience in project management and the ability to manage multiple projects simultaneously.
  • Interpersonal Skills: Strong interpersonal skills and the ability to collaborate and build relationships across the organization.
  • ISO 9001 – Full understanding and application to the firm is a plus.

To apply for this job email your details to