London Strategy
Information Security Manager (ISM) – ISO 27001 Implementation Consultant
Location: Poland · Posted: 1 day ago
Contract · Information Technology, Project Management

About the Role

We are seeking an experienced Information Security Manager (ISM) – ISO 27001 Implementation Consultant to lead and deliver ISO/IEC 27001 Information Security Management System (ISMS) implementations across client environments.

The role focuses on designing, implementing, and operationalising compliant, risk-based security frameworks aligned to ISO 27001 standards, ensuring organisations achieve and sustain certification. The ISM will work closely with executive stakeholders, IT, risk, compliance, and operational teams to embed governance, controls, and continuous improvement practices.


Key Responsibilities

• Lead end-to-end ISO 27001 ISMS implementation programmes

• Conduct gap assessments against ISO/IEC 27001 requirements

• Define ISMS scope, boundaries, and governance structures

• Develop and document policies, standards, procedures, and control frameworks

• Perform risk assessments and facilitate risk treatment planning in line with ISO 27005 principles

• Define and maintain the Statement of Applicability (SoA)

• Support implementation of Annex A controls (organisational, technical, physical)

• Establish ISMS performance metrics, monitoring, and reporting mechanisms

• Facilitate internal audits and management reviews

• Prepare organisations for Stage 1 and Stage 2 certification audits

• Act as primary liaison with certification bodies and external auditors

• Provide advisory support on regulatory and contractual security requirements

• Embed continuous improvement processes to maintain certification post-audit

• Deliver security awareness and stakeholder engagement sessions


Qualifications

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Risk Management, or related discipline (or equivalent experience)

• 6–10+ years of experience in information security, risk, or compliance roles

• Demonstrated experience leading at least one full ISO 27001 implementation to certification

• Experience working across regulated or enterprise-scale environments


Skills & Experience

• Strong working knowledge of ISO/IEC 27001:2022 (or 2013 where applicable)

• Experience developing and operationalising Information Security Management Systems (ISMS)

• Deep understanding of risk assessment methodologies and control mapping

• Familiarity with complementary frameworks (e.g., NIST CSF, SOC 2, GDPR, PCI-DSS)

• Experience drafting and reviewing security policies and governance documentation

• Knowledge of third-party risk management and supplier security controls

• Strong understanding of security domains including:

  • Access control and identity management

  • Cryptography and data protection

  • Secure configuration and vulnerability management

  • Incident management and business continuity

  • Asset management and information classification

• Experience conducting internal audits and supporting certification audits

• Strong stakeholder management and executive reporting capabilities

• Ability to balance governance requirements with pragmatic implementation
