Job Title: Consultant – Information Security Officer
Role Overview
The Information Security Officer (ISO) will be responsible for establishing, implementing, monitoring, and improving Acuiti Labs’ Information Security Management System (ISMS) and Data Protection framework in alignment with ISO/IEC 27001:2013, ISO/IEC 27001:2022, and ISO/IEC 27701:2019 standards.
This role combines strategic planning, risk management, compliance oversight, and hands-on execution to ensure robust protection of Acuiti Labs’ information assets and adherence to regulatory and client requirements.
-
Define information security goals and objectives aligned with Acuiti Labs’ business strategy.
-
Establish the scope and boundaries of the organization’s ISMS.
-
Develop and maintain information security policies, standards, and guidelines.
-
Create classification policies for information assets and ensure appropriate handling procedures.
-
Plan and implement ISMS in compliance with ISO/IEC 27001 standards.
-
Develop risk management and security implementation frameworks with measurable KPIs.
-
Define and maintain a process for continuous review and improvement of security policies and procedures.
-
Maintain and improve the organization-wide Information Security and Risk Management Plan.
-
Ensure integration of security principles into all business and IT processes.
-
Conduct regular risk assessments, vulnerability analyses, and impact assessments.
-
Define and implement risk treatment and residual risk evaluation measures.
-
Oversee incident response, including documentation, analysis, and remediation of security breaches.
-
Monitor compliance with legal, regulatory, and contractual requirements.
-
Lead organization-wide security awareness and training programs and measure their effectiveness.
-
Drive Business Continuity and Disaster Recovery Planning (BCP/DR) initiatives, including periodic drills and updates.
-
Manage change control processes for ISMS and IT infrastructure updates.
-
Ensure vendor and contractor compliance with organizational security standards.
-
Serve as the primary point of contact for data privacy and protection matters.
-
Ensure compliance with ISO/IEC 27701:2019, GDPR, and other relevant data protection laws.
-
Maintain detailed records of all data processing activities.
-
Conduct periodic data protection impact assessments (DPIAs).
-
Respond to data subject requests and coordinate with supervisory authorities as needed.
-
Monitor changes in privacy laws and update internal practices accordingly.
-
Conduct internal ISMS audits at least annually or after significant infrastructure changes.
-
Evaluate compliance with legal, regulatory, and organizational information security requirements.
-
Prepare and present audit reports with actionable recommendations to senior management.
-
Lead remediation efforts and ensure timely closure of audit findings.
-
Bachelor’s or Master’s degree in Information Technology, Computer Science, or related field.
-
MBA or equivalent management qualification preferred.
-
Relevant certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.
-
5–10 years of progressive experience in Information Security, Risk Management, or IT Governance, ideally within the IT or SAP consulting industry.
-
Proven experience implementing or maintaining ISO/IEC 27001 and ISO/IEC 27701 standards.
-
Strong understanding of IT audit principles, cybersecurity frameworks, and risk assessment methodologies.
-
In-depth understanding of infrastructure security, cloud platforms (AWS, Azure), network security, and identity management.
-
Experience with Microsoft technologies (Windows Server, Active Directory, M365) and ServiceNow.
-
Strong knowledge of SAP ecosystem security considerations preferred.
-
Exceptional communication, leadership, and stakeholder management skills.
-
Ability to work independently, manage multiple priorities, and drive cross-functional collaboration.
-
Strong ethical standards, analytical mindset, and commitment to continuous improvement.
-
Awareness of global data privacy regulations and cybersecurity trends.
