Information Security Officer Consultant

5 - 10 years

9 - 13 Lacs

Posted: 3 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Title: Consultant Information Security Officer

Role Overview

The Information Security Officer (ISO) will be responsible for establishing, implementing, monitoring, and improving Acuiti Labs' Information Security Management System (ISMS) and Data Protection framework in alignment with ISO/IEC 27001:2013, ISO/IEC 27001:2022, and ISO/IEC 27701:2019 standards. This role combines strategic planning, risk management, compliance oversight, and hands-on execution to ensure robust protection of Acuiti Labs' information assets and adherence to regulatory and client requirements.

Key Responsibilities

1. Planning

  • Define information security goals and objectives aligned with Acuiti Labs' business strategy.
  • Establish the scope and boundaries of the organization's ISMS.
  • Develop and maintain information security policies, standards, and guidelines.
  • Create classification policies for information assets and ensure appropriate handling procedures.
  • Plan and implement ISMS in compliance with ISO/IEC 27001 standards.
  • Develop risk management and security implementation frameworks with measurable KPIs.
  • Define and maintain a process for continuous review and improvement of security policies and procedures.

2. Information Security Management

  • Maintain and improve the organization-wide Information Security and Risk Management Plan.
  • Ensure integration of security principles into all business and IT processes.
  • Conduct regular risk assessments, vulnerability analyses, and impact assessments.
  • Define and implement risk treatment and residual risk evaluation measures.
  • Oversee incident response, including documentation, analysis, and remediation of security breaches.
  • Monitor compliance with legal, regulatory, and contractual requirements.
  • Lead organization-wide security awareness and training programs and measure their effectiveness.
  • Drive Business Continuity and Disaster Recovery Planning (BCP/DR) initiatives, including periodic drills and updates.
  • Manage change control processes for ISMS and IT infrastructure updates.
  • Ensure vendor and contractor compliance with organizational security standards.

3. Data Protection Officer Responsibilities

  • Serve as the primary point of contact for data privacy and protection matters.
  • Ensure compliance with ISO/IEC 27701:2019, GDPR, and other relevant data protection laws.
  • Maintain detailed records of all data processing activities.
  • Conduct periodic data protection impact assessments (DPIAs).
  • Respond to data subject requests and coordinate with supervisory authorities as needed.
  • Monitor changes in privacy laws and update internal practices accordingly.

4. Information Security Auditing

  • Conduct internal ISMS audits at least annually or after significant infrastructure changes.
  • Evaluate compliance with legal, regulatory, and organizational information security requirements.
  • Prepare and present audit reports with actionable recommendations to senior management.
  • Lead remediation efforts and ensure timely closure of audit findings.

Qualifications

  • Bachelor's or Master's degree in Information Technology, Computer Science, or related field.
  • MBA or equivalent management qualification preferred.
  • Relevant certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.
  • 5-10 years of progressive experience in Information Security, Risk Management, or IT Governance, ideally within the IT or SAP consulting industry.
  • Proven experience implementing or maintaining ISO/IEC 27001 and ISO/IEC 27701 standards.
  • Strong understanding of IT audit principles, cybersecurity frameworks, and risk assessment methodologies.

Desired Skills and Competencies

  • In-depth understanding of infrastructure security, cloud platforms (AWS, Azure), network security, and identity management.
  • Experience with Microsoft technologies (Windows Server, Active Directory, M365) and ServiceNow.
  • Strong knowledge of SAP ecosystem security considerations preferred.
  • Exceptional communication, leadership, and stakeholder management skills.
  • Ability to work independently, manage multiple priorities, and drive cross-functional collaboration.
  • Strong ethical standards, analytical mindset, and commitment to continuous improvement.
  • Awareness of global data privacy regulations and cybersecurity trends.

Acuiti Labs

IT Services and IT Consulting

London Atlanta
