
Information Security Compliance Manager

Location:
Hamburg
Salary:
Negotiable
Job Type:
Permanent
Date Posted:
11 days ago
Expiry Date:
27/03/2025
Job Ref:
BBBH118747_1739199570
Start Date:
10/02/2025
Contact:
Jonathan Malone
Contact Email:
jonathan.malone@xcede.de
Specialism:
InfoSec, GRC & Vulnerabilities
Internal

A leading global company I am working with is seeking a highly motivated Information Security Manager to lead external audits and certifications in Information and Cyber Security Management. This role involves developing strategies, governance frameworks, and processes to enhance ISMS maturity, governance, and cybersecurity compliance.

The successful candidate will drive the transition from a policy-based ISMS to a user-friendly, control-based AI solution, fully integrated into software development and project management. The new ISMS solution will focus on compliant standard solutions and automated compliance checks.

This role requires identifying legal and regulatory requirements across various countries, ensuring integration into a comprehensive control framework. Working closely with legal experts and external consultants, the candidate will also support defining security clauses in customer and vendor contracts.

Additionally, the candidate will drive the adoption of ISMS processes, oversee key metrics and support risk management by consulting risk owners on mitigation strategies. This role functions as both a control and advisory position, empowering business and IT teams to enhance security measures effectively.

Key Responsibilities:

  • Lead external audits such as NIS-2/KRITIS, ISO 27001, and TISAX.
  • Anticipate and respond to customer and regulatory requests regarding Information & Cyber Security compliance.
  • Identify and integrate external regulatory requirements (e.g., NIS-2/KRITIS, TISAX, NIST) in collaboration with business, legal, and data protection experts.
  • Assist legal and sales teams in defining and negotiating security-related contractual clauses.
  • Design, develop, and implement ISMS & compliance strategies, governance frameworks, and roadmaps.
  • Define and track ISMS effectiveness metrics, ensuring alignment with CISO oversight.
  • Translate external requirements into ISMS policies and controls alongside technical experts.
  • Ensure compliance and manage assessments with key stakeholders.
  • Enhance collaboration between CISO teams, IT, and business units to improve compliance and risk management.
  • Support team leadership in organizational planning, budget management, and project execution.
  • Stay ahead of trends, innovations, and best practices in information security risk & compliance, recommending improvements as needed.

Qualifications:

  • Extensive experience in Information & Cyber Security compliance roles.
  • Strong knowledge of security principles, frameworks, and best practices.
  • Deep understanding of cyber risk management, threats, vulnerabilities, and security controls.
  • Familiarity with regulatory requirements such as NIS/NIS2, KRITIS, China Security Law, GDPR, ISO 27001, OWASP Top 10, and NIST CSF.
  • Strong analytical and problem-solving skills with high attention to detail.
  • Excellent communication, presentation, and training skills; capable of explaining technical concepts to non-technical stakeholders.
  • Passion for cybersecurity risk management and mitigation.
  • Experience collaborating with Legal, Data Protection Officers (DPOs), Risk & Control, Audit, and Procurement teams.
  • Experience working in large international organizations and managing enterprise-level projects.
