Consultant

 

Description:


An ISO 27001 consultant is a professional who provides expertise and guidance to organizations seeking to implement, maintain, or improve their Information Security Management System (ISMS) in accordance with the ISO 27001 standard. ISO 27001 is an internationally recognized standard that sets out the criteria for establishing, implementing, maintaining, and continually improving an effective ISMS.

Key Responsibilities
 

  • Assessment and Gap Analysis
     

Conduct an initial assessment and gap analysis of the organization's current information security practices against the requirements of ISO 27001. Identify areas where the organization needs to improve to meet the requirements of ISO 27001.
 

  • Implementation Planning
     

Develop a detailed plan for the implementation of ISO 27001 within the organization. This includes defining the scope of the ISMS, establishing policies and procedures, and identifying necessary controls.
 

  • Documentation Assistance
     

Assist in developing and documenting policies, procedures, and other necessary documentation required by ISO 27001. Ensure that the documentation aligns with the standard's requirements.
 

  • Risk Assessment and Management
     

Guide the organization in conducting a risk assessment and developing a risk treatment plan. Help prioritize and implement controls to mitigate identified risks to an acceptable level.
 

  • Training and Awareness
     

Provide training to employees at various levels within the organization to create awareness of information security and the importance of their roles in maintaining the ISMS.
 

  • Internal Auditing
     

Assist in or conduct internal audits to assess the organization's compliance with ISO 27001. Identify non-conformities and areas for improvement.
 

  • Certification Support
     

If the organization aims to achieve ISO 27001 certification, the consultant can provide support throughout the certification process. This involves working with a certification body and addressing any findings during the external audit.
 

  • Continual Improvement
     

Encourage and guide the organization in establishing a culture of continual improvement for its ISMS. This involves regularly reviewing and updating the system to address changing risks and business needs.

Qualifications
 

  • Preferably a degree in IT, Software Engineering, Management or a relevant discipline.
  • More than 7 years’ experience establishing, implementing, maintaining, auditing and improving ISMS.
  • Must have ISO 27001 Lead Auditor Certification.
  • Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) designations are assets.
  • A self-motivated, goal-oriented, and results-driven person with a strong understanding of consulting services and the ability to communicate the services offered to clients.

Organization: WeManageHR
Industry: Consultant Jobs
Occupational Category: Consultant
Job Location: Lahore, Pakistan
Shift Type: Morning
Job Type: Full Time
Gender: No Preference
Career Level: Experienced Professional
Experience: 7 Years
Posted at: 2023-11-20 11:31 am
Expires on: 2024-06-02