ISO 27001 / 20000 Lead Analyst

Overview

We are seeking a highly skilled and detail-oriented ISO 27001 / 20000 Lead Analyst to drive the implementation, maintenance, and continual improvement of our Information Security Management System (ISMS) and IT Service Management System (ITSMS). This role plays a critical part in aligning our technology, security, and service delivery practices with globally recognized standards.

You will collaborate across departments to ensure compliance with ISO 27001 (Information Security) and ISO 20000 (IT Service Management), conduct risk assessments, lead audit activities, and support the organization’s governance and compliance goals.

Duties include, but are not limited to:

  • Lead the development and implementation of ISMS and SMS based on ISO 27001 / 20000
    requirements.
  • Conduct risk assessments and gap analyses to identify security vulnerabilities and areas for
    improvement.
  • Define security policies, procedures, and controls aligned with ISO 27001 standards.
  • Work with key stakeholders at the client to ensure PPPs are up to date.
  • Coordinate the awareness and readiness activities prior to Internal and External Audits.
  • Lead daily standups.
  • Manage Weekly and Bi-Weekly meetings with the client.
  • Stakeholder Management across all functions in Scope.

Compliance and Auditing Skills:

  • Coordinate internal and external audits to assess compliance with ISO 27001 and other relevant
    standards.
  • Develop and execute audit plans and strategies.
  • Monitor corrective actions to address identified non-conformities.
  • Drive Risk Assessments with all areas in scope.

Training and Awareness:

  • Provide training and awareness programs on information security policies and best practices in
    alignment with the Training Calendar.
  • Collaborate with teams across the client’s organization to ensure understanding and adherence to
    security policies.

Continuous Improvement:

  • Monitor and evaluate the effectiveness of ISMS and SMS controls and procedures.
  • Recommend and implement enhancements to security measures based on emerging threats and
    vulnerabilities.

Documentation and Reporting:

  • Maintain documentation related to ISMS / SMS implementation and compliance.
  • Prepare regular reports for management on the status of information security initiatives.
  • Conduct Management Reviews for both ISO 27001 and ISO 20000.

Desired Skills and Qualifications:

  • Bachelor’s degree in Computer Science, Information Technology, or equivalent.
  • Professional certification such as Certified Information Systems Security Professional (CISSP),
    Certified Information Security Manager (CISM), or ISO 27001 Lead Auditor/Implementer.
  • Proven experience (e.g., 3+ years) in information security management and ISO 27001
    implementation.
  • Strong understanding of information security principles, standards, and frameworks.
  • Excellent analytical and problem-solving skills.
  • Effective communication and interpersonal skills, with the ability to collaborate with
    cross-functional teams.
  • Attention to detail and ability to work independently.
