Overview
PM Group is seeking an experienced Information Security professional responsible for defining and embedding best practice information security policies, standards, and processes based on ISO 27001. This role involves maintaining our ISO 27001 certification, providing security architecture advice, managing security programs, and supporting the organization’s security posture.
Responsibilities
Governance, Risk & Compliance
* Lead compliance reviews, certifications, and accreditations (e.g., ISO 27001, GDPR, third-party, and client requirements).
* Conduct security threat and risk assessments, monitor risk treatment plans, and perform security assessments on complex systems.
* Implement GRC controls to safeguard systems and data.
* Ensure digital solutions and processes comply with policies and modern secure technologies.
* Develop and update security policies, standards, and guidelines.
* Contribute to digital strategy development to mitigate security risks.
* Collaborate with business, IT, and vendors to promote security best practices.
* Support current and upcoming IT projects with security expertise.
* Manage security audits within the ISMS scope, including internal, client, and third-party audits.
Information Security Management
* Project manage and deliver core security projects supporting transformation programs and ongoing security activities.
Security Awareness
* Develop and manage information security awareness programs, training, and communications.
Technical
* Perform security architecture reviews ensuring defense-in-depth and security by design.
* Knowledge of Zero Trust architectures and technologies.
* Familiarity with security designs for Microsoft environments including Azure, M365, Power Platform, and Copilot.
* Understanding of secure system integration and data flow management.
* Develop security hardening standards for systems.
Qualifications
Required
* Experience managing an ISO 27001 ISMS.
* Minimum 5 years in information security.
* Knowledge of GDPR and Data Privacy Impact Assessments.
* Experience monitoring and reporting on compliance and enforcing policies.
* Good understanding of Microsoft M365, Power Platform, Copilot, and Azure security.
* Knowledge of secure design principles and incident triage.
* Ability to perform security audits and architecture reviews.
Preferred
* ISO 27001 Lead Auditor or Lead Implementer certification.
* Degree in Information Security, Computer Science, or related field.
* Security certifications such as CISSP, CISA, or CISP.
Personal Specification
* Proactive with a strong sense of responsibility and autonomy.
* Strong work ethic and communication skills.
* Ability to produce high-quality work under deadlines.
* Willingness to travel occasionally.
* Excellent organizational and project management skills.
* Interest in learning new technologies.
Why PM Group?
As an employee-owned company, we foster an inclusive, committed, and driven culture. Our 2025 strategy emphasizes corporate responsibility and sustainability. We value diversity and aim to create a workplace of mutual respect and belonging. We are committed to fair hiring practices and providing reasonable accommodations for candidates with disabilities. If assistance is needed, please inform us.