ISMS manager

The organisation

Our client is the Global Information Technology group of an international Big 4 organization that offers audit, advisory and tax services in approximately 140 countries. This position is for the NL offices, based in Amsterdam. 

The position

You will be managing the Information Security Management System (ISMS) of a global technology organization in Amsterdam based on the ISO27001:2013 standard.

Your key activities will be:

• Review ISMS policies, procedures and other core ISMS framework documents. e.g. Statement of Applicability (SOA), for in-scope departments and ensure that they are all up to date. Support the various ISMS roles with their responsibilities as documented in the ISMS operations manual. 
• Manage the ISMS risk management program. Escalate risk and issues to technology and securitymanagement and other interested parties as appropriate.
• Conduct meetings with the Management Forum and Information Security Working Group (ISWG). Collaborate with the technology and security stakeholders on a regular basis to ensure the ISMS operates smoothly and continuously improves. 
• Liaise with external auditors from certification agency (BSI) to ensure all scheduled surveillance audits are completed as planned. 
• Manage internal and external audit findings and ensure their remediation on an agreed schedule with the respective portfolio managers.
• Regularly review the scope of the ISMS and ensure it remains relevant for customers and regulators.
• Manage ISMS communications.
• Collaborate with global attestation (SOC2) team to efficiently coordinate ISO and SOC2 efforts. 

Candidate profile 

In order to succeed as the Manager of the ISO 27001 Information Security Management System (ISMS) for this Global Technology Organization , you have at least 6 years of relevant experience in Information Security, out of which minimum of 3 years managing an ISO27001:2013 ISMS. You are a certified lead implementer or lead auditor on ISO27001:2013 and familiar with other related frameworks like ISO27003, ISO27005, ISO27017 and ISO27018. Professional security qualifications, such as CISSP and/or CISM, and System and Organization Controls (SOC2) reporting are a big plus. You can multi-task and work independently within a global team and deliver high quality results. You hold a valid passport and can travel periodically on business assignments (less than 10 % travel). You are fluent in English and have excellent communication skills. 

The offer

As an employee of one of the Big 4 you will receive an competitive salary, also you receive excellent secondary benefits (Lease car, laptop, smartphone, expence allowance and free of premium pension). The company offers the opportunity to develop yourself as an Information Security Manager.

Interested?

If you're interested in this role, use the link below to forward an up-to-date copy of your CV.