کارشناس ISMS

Job Description

- Implementation, operation and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including certification against ISO/IEC 27001 where applicable - Performs information security risk assessments and assess the control environment of the business processes and applications under review, including both manual and automated processes in accordance with the information security program - Assist both internal and external audits relating to information security as well as performing independent audits to validate completeness and accuracy of the information security program - Develop remediation and corrective action plans with related governance and operational functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary - Author and revise information security policies, standards, procedures and guidelines, in conjunction with the Information Security Forum - Assists with the development and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations - Develop supporting information security awareness, training and educational material - Maintain an accurate system and control inventory including identification of supporting roles