Job Role:
· Regularly assess the effectiveness of the ISMS by conducting internal audits. This involves evaluating compliance with ISO 27001 requirements and identifying areas for improvement.
· Perform risk assessments to identify vulnerabilities and ensure that appropriate controls are in place to mitigate these risks.
· Create detailed audit plans that outline the scope, objectives, and procedures for each audit.
· Record audit findings, including non-conformities and areas for improvement, and provide recommendations for corrective actions.
· Prepare and present audit reports to management, highlighting key findings and suggesting improvements.
· Work with various departments to implement corrective actions and continuously improve the ISMS.
· Identify any gaps in compliance and develop action plans to address them.
· Drafting and implementing security policies, processes and procedures as necessary to align with ISO 27001 standards.
· Ensure all security policies, processes and procedures are documented and accessible to relevant personnel.
· Establish and assess key performance indicators to measure the effectiveness and efficiency of the ISMS.
· Regularly track and analyze these KPIs to assess system performance.
· Prepare reports on ISMS performance metrics and present them to management.
· Regularly review and adjust KPIs to align with organizational goals and changes in the threat landscape.
· Conduct training sessions to educate employees about information security policies and best practices.
· Assist in Developing awareness programs to keep information security top-of-mind for all staff.