Cyber Security Consultant – ISMS & ISO 27001 Certification

About the role

We are looking for an experienced Cyber Security Consultant to lead ISO 27001 ISMS implementation and certification projects. The role involves guiding clients through gap assessments, risk treatment, policy development, and audit preparation to achieve and maintain compliance with information security standards.

Key responsibilities

• Lead ISO 27001 ISMS implementation and certification projects for clients or internal stakeholders.
• Conduct gap assessments against ISO 27001 requirements and develop remediation plans.
• Design, implement, and maintain Information Security Management Systems (ISMS).
• Perform information security risk assessments and facilitate risk treatment activities.
• Develop, review, and update security policies, standards, procedures, and guidelines.
• Prepare organizations for certification, surveillance, and recertification audits.
• Coordinate with certification bodies, auditors, and business stakeholders during audits.
• Monitor compliance with ISO 27001 controls and regulatory requirements.
• Conduct internal ISMS audits and management review activities.
• Deliver awareness sessions and training programs on information security best practices.
• Support incident management, corrective actions, and continuous improvement initiatives.
• Assist in implementing additional frameworks such as ISO 22301, NIST, CIS Controls, and GDPR where applicable.
• Prepare project documentation, reports, dashboards, and compliance status updates.

Required profile

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Engineering, or a related field.
• Strong understanding of ISO/IEC 27001:2022 standards and ISMS frameworks.
• Experience in information security governance, risk management, and compliance.
• Hands‑on experience conducting risk assessments and internal audits.
• Knowledge of security controls, policies, procedures, and regulatory compliance requirements.
• Experience supporting certification audits and remediation activities.
• Excellent stakeholder management, communication, and documentation skills.

Required skills

• ISO 27001:2022 implementation & compliance
• ISMS governance
• Information security risk management
• Internal & external audit management
• Business continuity & disaster recovery concepts
• Security policy development
• Compliance & regulatory frameworks
• Third‑party risk management
• Security awareness & training
• Familiarity with ISO 22301, NIST, CIS Controls, GDPR