Information Security Management System (ISMS) Specialist

Edge Executive Search Group

Johannesburg

On-site

ZAR 800 000 - 1 200 000

Full time

5 days ago

Job summary

A leading recruitment firm seeks an Information Security Management System (ISMS) Specialist in Johannesburg. The role involves designing, implementing, and improving ISMS aligned with ISO/IEC 27001. Ideal candidates will possess extensive experience in cybersecurity, strong ISO/IEC 27001 knowledge, and exceptional stakeholder management skills. The position also emphasizes risk management and the development of security awareness programs.

Qualifications

  • 7–10 years’ information security/cybersecurity experience with 1–3 years in a leadership capacity.
  • Proven end‑to‑end ISMS implementation and certification maintenance experience.
  • Strong knowledge of ISO/IEC 27001, ISO 31000, NIST, CIS Controls.

Responsibilities

  • Own the design, rollout, and continual improvement of the ISMS aligned to ISO/IEC 27001.
  • Develop, maintain, and govern security policies and procedures.
  • Prepare the organisation for external audits and certification.

Skills

Information Security
Risk Management
Incident Response
Stakeholder Management
Security Awareness

Education

Bachelor’s degree in Information Security, Computer Science, IT, or related field
ISO/IEC 27001 Implementer certification

Tools

Microsoft Sentinel
EDR

Job description

Information Security Management System (ISMS) Specialist | Westville, KZN | Permanent

Help a national operation achieve and sustain ISO/IEC 27001 excellence. If you thrive on building robust security frameworks and turning policy into practice, this role is for you.

You will design, implement, and continuously improve the organisation’s Information Security Management System (ISMS) in alignment with ISO/IEC 27001. Working across technology and business teams, you’ll safeguard the confidentiality, integrity, and availability of information assets while steering compliance with South African regulations and global best practices. This senior role partners closely with leadership and managed service providers to embed security into day-to-day operations and strategic planning.

Our client is a large, complex, and fast‑moving national enterprise in the FMCG logistics and distribution space. With technology at the core of its supply chain, they are investing in security maturity and seeking a specialist who can lead risk‑driven improvements and guide the journey to certification and beyond.

What You’ll Do
  • Own the design, rollout, and continual improvement of the ISMS aligned to ISO/IEC 27001 and mapped to frameworks such as NIST, CIS, and ITIL/COBIT where relevant
  • Develop, maintain, and govern security policies, standards, procedures, and SoA documentation
  • Lead risk assessments aligned to ISO 31000; define treatment plans and track mitigation to closure
  • Prepare the organisation for external audits and certification; coordinate internal audit cycles and evidence management
  • Build and deliver security awareness and training programmes across technical and non‑technical audiences
  • Strengthen incident response: develop and test playbooks, support investigations, and drive post‑incident reviews and preventive actions
  • Monitor ISMS performance, report KPIs/KRIs, and recommend enhancements based on audit findings, risks, and emerging threats
  • Partner with managed service providers and internal teams on vulnerability management, patching, JML, BIA/BCM/DR, and tooling (e.g., Microsoft Sentinel, Defender, EDR)
What You Bring
  • Bachelor’s degree in Information Security, Computer Science, IT, or related field
  • ISO/IEC 27001 Implementer certification (mandatory); Auditor, CISM, CRISC, or CISA advantageous
  • 7–10 years’ information security/cybersecurity experience with 1–3 years in a leadership capacity
  • Proven end‑to‑end ISMS implementation and certification maintenance experience, including work with certification bodies
  • Strong knowledge of ISO/IEC 27001, ISO 31000, NIST, CIS Controls; familiarity with ITIL/COBIT
  • Solid exposure to South African regulatory requirements (e.g., POPIA, Cybercrimes Act)
  • Hands‑on experience in risk, audit, incident response, vulnerability management, patching, JML, and security awareness
  • Excellent communication, stakeholder management, and the ability to translate complex security concepts for diverse audiences
What Success Looks Like
  • ISO/IEC 27001 certification achieved and sustained, with clean audit outcomes and timely closure of findings
  • Measurable reduction in priority risks and improved security KPIs/KRIs across the estate
  • Policies and SoA are current, adopted, and evidenced; the lifecycle is managed effectively
  • Incident response is tested, repeatable, and reduces time‑to‑detect and time‑to‑contain
  • Security awareness improves across the business, with strong engagement from leadership and end‑users
  • Effective collaboration with managed service partners, delivering consistent, high‑quality security operations