
Information Security Specialist

Smart4 Energy

Gauteng

On-site

ZAR 600 000 - 800 000

Full time

Today

Job summary

A leading energy solutions provider in South Africa is looking for an Information Security Management System (ISMS) Specialist. This role involves implementing and maintaining an ISMS, ensuring compliance with ISO standards, and conducting risk assessments. The ideal candidate will have a Bachelor's Degree in a related field and 7-10 years of experience in information security, including managerial experience. Key skills include strategic thinking, technical expertise, and strong leadership. A commitment to ethical standards and industry regulations is essential.

Qualifications

  • Minimum of 7-10 years of experience in information security, with at least 1-3 years in a managerial capacity.
  • In-depth knowledge of ISO / IEC, NIST, and CIS Controls.
  • Robust combination of technical expertise and strong leadership abilities.

Responsibilities

  • Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO standards.
  • Perform risk assessments to identify potential security risks.
  • Ensure compliance with industry standards and regulations.

Skills

Strategic Thinking
Technical Expertise
People Management
Decision-Making and Judgment
Collaboration and Communication
Problem-Solving and Analytical Skills
Compliance and Regulatory Knowledge
Adaptability and Resilience
Ethical Integrity

Education

Bachelor's Degree in Information Security, Computer Science, Information Technology, or a related field
Professional certifications such as CISM, CRISC, or CISA

Tools

Microsoft Sentinel
CyberReason
Microsoft Defender

Job description

Information Security Management System (ISMS) Specialist

The Information Security Management System (ISMS) Specialist is responsible for the end-to-end implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO / IEC standards. The incumbent will play a pivotal role in ensuring the confidentiality, integrity, and availability of our information assets, while also ensuring compliance with legal and regulatory requirements.

Key Responsibilities
ISMS Development and Implementation
  • Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO / IEC and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA).
  • Develop, implement, and maintain information security policies, procedures, and guidelines.
  • Assess existing information security practices and recommend improvements.
  • Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices.
Risk Assessment and Management
  • Perform risk assessments to identify potential security risks to the organization's information assets, in alignment with ISO.
  • Develop risk treatment plans and assist in the implementation of risk mitigation strategies.
  • Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS.
Compliance and Audits
  • Ensure compliance with ISO / IEC and other industry standards and regulations.
  • Prepare the organization for certification audits and support the audit process.
  • Coordinate with auditors and certification bodies.
  • Maintain records and documentation to ensure traceability and compliance with ISMS requirements.
Training and Awareness
  • Provide training to staff and management on information security best practices, policies, and compliance requirements.
  • Promote a culture of information security awareness across the organization.
  • Support the creation of an internal security awareness program.
Incident Response and Management
  • Assist in the development and testing of incident response plans.
  • Provide guidance and support in handling information security incidents.
  • Ensure incidents are documented and reported in accordance with regulatory and contractual obligations.
  • Assist in post-incident analysis to determine the cause and recommend preventive actions.
Define and Monitor ISMS-related KPIs and Metrics
  • Define and monitor ISMS-related KPIs and metrics.
  • Monitor and report on the performance of the ISMS, identifying areas for improvement.
  • Monitor compliance with security policies and procedures.
  • Lead regular internal audits to assess the effectiveness of the ISMS.
  • Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices.
  • Keep up-to-date with emerging threats, vulnerabilities, and regulatory changes.
Vendor and Third-Party Risk Management
  • Assess and monitor third-party vendors and service providers for information security compliance.
  • Assist in the integration of ISMS controls into third-party contracts and SLAs.
Key Relationships

This role is critical in managing and maintaining relationships with both internal and external stakeholders. These interactions are essential for ensuring the organization's security posture is robust and aligned with its strategic objectives.

Qualifications and Experience
  • Bachelor's Degree in Information Security, Computer Science, Information Technology, or a related field.
  • Minimum of 7-10 years of experience in the field of information security, cybersecurity, or a related discipline, with at least 1-3 years in a managerial or leadership capacity.
  • Robust combination of technical expertise, specialized knowledge, and strong leadership abilities.
  • Thorough understanding of the ISMS Statement of Applicability.
  • In-depth knowledge of information security frameworks such as ISO / IEC, NIST, and CIS Controls.
  • Familiarity with IT governance frameworks (e.g., COBIT, ITIL) and extensive experience in risk management, incident response, and compliance, particularly with South African regulations like POPIA and the Cybercrimes Act.
  • Soft skills such as excellent communication, adaptability, attention to detail, and ethical judgment are also vital.
  • Relevant professional certifications such as CISM, CRISC, or CISA.
  • Knowledge of security tools, including Microsoft Sentinel, CyberReason, and Microsoft Defender.
Mandatory Requirement: ISO Lead Implementer
Preferred: ISO Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
Proven Experience Leading ISO / IEC Certification Projects and Certification Maintenance
  • Experience working with ISO certification bodies.
  • Development of audit and ISMS remediation plans.
  • Familiarity with data protection laws and industry regulations.
Skills and Competencies
  • Strategic Thinking: Align security strategies with business objectives and anticipate future challenges.
  • Technical Expertise: Knowledge of security frameworks, technologies, and tools with strong proficiency in threat analysis and mitigation.
  • People Management: Strong leadership skills to build, manage, and effectively leverage external resources.
  • Decision-Making and Judgment: High discretion in making critical security decisions, balancing immediate needs with long-term goals.
  • Collaboration and Communication: Excellent interpersonal skills for engaging with both technical and non-technical stakeholders.
  • Problem-Solving and Analytical Skills: Strong analytical abilities to assess and resolve complex security issues across organizational boundaries.
  • Compliance and Regulatory Knowledge: In-depth understanding of relevant regulations and standards, ensuring ongoing compliance.
  • Adaptability and Resilience: Ability to adapt to changing security landscapes and manage high-pressure situations.
  • Ethical Integrity: Commitment to upholding the highest ethical standards in all security practices.

Seniority level: Mid-Senior level

Employment type: Full-time

Job function: Information Technology

Industries: Transportation, Logistics, Supply Chain and Storage
