Scope:
- We are seeking a highly experienced Senior Manager - IT Audit & Information Security to lead the organization-wide implementation of ISO 27001 and ISO 22301, and to drive key programs across IT audit, risk management, information security, and regulatory compliance.
- The role involves managing enterprise security and continuity frameworks while partnering with internal leadership, global stakeholders, and certification auditors.
What You'll Do:
ISO Implementation & Governance
- Lead the end-to-end implementation of ISO 27001 and ISO 22301 frameworks, including gap assessments, policy development, control implementation, documentation, and certification readiness.
- Design, implement, and maintain Information Security Management Systems (ISMS) and Business Continuity Management Systems (BCMS) aligned with global best practices.
- Coordinate with external certification bodies and auditors during certification and surveillance audits.
- Establish governance mechanisms that maintain continuous compliance with, and continual improvement of, the ISO standards.
- Drive and review the integration of ISO controls into business processes, IT operations, vendor management, and product development lifecycles.
- Review the implementation of Business Impact Analysis (BIA) and risk assessments as part of the Business Continuity Management framework.
- Develop and implement business continuity strategies, disaster recovery plans, and crisis management frameworks aligned with ISO 22301.
- Establish third-party risk management controls aligned with ISO requirements for vendor security assessments and monitoring.
IT Audit & Risk Management
- Plan, execute, and manage risk-based IT audits covering IT governance, infrastructure, cybersecurity, application controls, and operational processes.
- Perform independent assessments of IT risks and internal controls to strengthen enterprise risk management practices.
- Provide strategic recommendations to leadership for improving internal control frameworks and reducing operational risks.
- Develop and maintain audit documentation and reports aligned with industry audit methodologies and regulatory expectations.
Information Security & Compliance
- Lead initiatives related to information security programs, cyber risk management, and IT compliance frameworks.
- Assess organizational compliance with ISO standards, regulatory requirements, and internal security policies.
- Drive improvements in data security, data governance, and data management practices.
- Support implementation of security best practices aligned with global frameworks such as NIST, COBIT, and ITIL.
Internal Controls & Regulatory Programs
- Conduct IT General Controls (ITGC) and IT Application Controls (ITAC) testing in regulated environments.
- Support J-SOX compliance and internal control testing programs.
Stakeholder & Audit Management
- Serve as the primary liaison between internal teams and external auditors, ensuring smooth execution of audits and compliance reviews.
- Build strong relationships with senior leadership and global stakeholders to drive risk awareness and governance maturity.
What We Are Looking For:
- 10+ years of experience in IT Audit, Information Security, Risk Management, or IT Compliance.
- Strong demonstrated experience in implementing ISO 27001 and ISO 22301 frameworks end-to-end.
- Strong understanding of IT governance, cybersecurity controls, system development lifecycle, and IT project management.
- Proven ability to manage complex information security and regulatory compliance projects.
- Experience working with global teams and stakeholders across multiple geographies.
- Strong communication and stakeholder management skills, particularly with internal leadership and external auditors.
- Experience in data governance, data security, and data management practices.
- Prior experience in regulated industries, consulting firms, or internal audit environments is highly desirable.
Qualifications
- Bachelor's degree in Computer Science, Information Security, Information Systems, Accounting, Engineering, or a related discipline.
- Professional certifications such as CISA, CISM, CISSP, ISO 27001 Lead Implementer, or ISO 27001 Lead Auditor are highly preferred.
Our Values
If you want to know the heart of a company, take a look at its values. Ours unite us. They are what drive our success, and the success of our customers. Does your heart beat like ours?
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.