Director of Cyber and Technology Risk Oversight
3M
Cyber SecurityServiceNow
ISMS/GRC Consultant
Inbox Business Technologies
full-time
Posted on:
Origin: • 🇵🇰 Pakistan
Visit company websiteJob Level
Mid-LevelSenior
Tech Stack
ITSM
About the role
- Implementation and maintenance of ISO 27001-based Information Security Management Systems (ISMS).
- Perform gap assessments to identify non-compliance and assist in remediation planning against standards/frameworks such as NIST, NCA, SAMA, etc.
- Participate in risk assessments and develop mitigation strategies.
- Develop ISMS policies, procedures, and security controls aligned with ISO 27001.
- Prepare documentation and provide support during ISO 27001 certification audits.
- Conduct security awareness training and incident management processes.
- Assist in developing and implementing IT governance frameworks (COBIT, NIST, ITIL).
- Support IT risk assessments, compliance audits, and regulatory reporting activities.
- Help clients align IT strategies with business goals while ensuring compliance with regulations such as GDPR, HIPAA, PCI-DSS, SOX, etc.
- Support development and maintenance of IT compliance programs and policies; contribute to GRC tools and processes.
- Participate in internal audits and help clients prepare for external certification audits/compliance checks.
Requirements
- Master’s or Bachelor’s degree in Information Technology, Computer Science, or related field.
- Certifications (preferred): ISO 27001 Lead Implementer / Lead Auditor, CISM, CRISC, COBIT Foundation, ITIL Expert/Managing Professional, ISO 20000 Lead Implementer / Lead Auditor, ISO 22301 Lead Implementer / Lead Auditor, CBCP (Certified Business Continuity Professional).
- Experience: 3–4 years of experience in ISMS and IT GRC consulting, auditing, or implementation.
- Additional stated experience: 6-8 years of experience in ITSM and BCMS consulting or related roles (listed in requirements section).
- Familiarity with ISO 27001 gap assessments, risk assessments, and audits.
- Basic knowledge of IT governance frameworks (COBIT, NIST, ITIL, etc.).
- Practical experience in ISO 22301 implementation, BIA, DR planning, and BCMS assessments.
- Familiarity with IT compliance standards such as ISO 27001, COBIT, NIST, NCA.
- Understanding of regulatory compliance such as GDPR, HIPAA, PCI-DSS, SOX.
- Experience in conducting internal and external audits related to ITSM, BCMS, or ISMS.
- Strong documentation, report writing, communication, analytical, problem-solving, stakeholder engagement, and project management skills.
- Proven ability to manage multiple projects and clients simultaneously.
