
【IT】ISMS Project Supervisor

Responsibilities

The ISMS (Information Security Management System) Project Supervisor is a pivotal role within the organization, focusing on maintaining ISO 27001 compliance, cybersecurity assurance, and effective incident and project management. The role also places a strong emphasis on ISMS documentation and related activities. Key responsibilities include:
1. HQ ISO 27001 Compliance and Assurance:
- Oversee the development, implementation, and maintenance of the ISMS in alignment with ISO 27001 standards.
- Coordinate and conduct internal audits to ensure ISO 27001 compliance and lead preparations for external certification audits.
- Identify compliance gaps and implement corrective actions to meet ISO 27001 requirements.
2. ISMS Documentation Management:
- Develop, maintain, and update all ISO 27001-related documentation (policies, risk assessment reports, risk treatment plans, asset inventory and classification records, internal audit plans and results, incident logs, and corrective action reports).
- Ensure all documentation meets the latest ISO 27001 standard requirements and remains up to date.
- Design and maintain a centralized document control system for all ISMS-related materials.
- Collaborate with stakeholders to create user-friendly templates and guidelines for ISMS documentation.
3. HQ Cybersecurity Compliance and Assurance:
- Establish and maintain robust cybersecurity policies and practices to meet compliance standards.
- Conduct regular reviews of security controls and implement changes to address emerging threats.
- Incident Management:
- Act as the primary coordinator for managing information security incidents, ensuring proper documentation and reporting.
- Conduct post-incident reviews to improve incident response protocols.
4. Incident Management:
- Manage and track cybersecurity incidents and events, ensuring timely resolution.
- Develop and implement incident response plans to address and mitigate cybersecurity incidents.
5. ISMS Project Management:
- Develop detailed project plans that outline the scope, objectives, timelines, and resource allocation for cybersecurity projects.
- Allocate and manage resources effectively to ensure the successful completion of ISMS projects.
- Communicate regularly with stakeholders, including senior management, to provide updates on project status and any security issues.
- Provide security awareness training to project team members to ensure they understand and adhere to cybersecurity best practices.
6. Training and Awareness:
- Conduct training sessions to educate staff on ISO 27001 policies and documentation procedures.
- Promote awareness of ISMS documentation requirements and their importance in maintaining compliance.
7. Stakeholder Communication:
- Provide regular updates to management on the status of ISO 27001 compliance, ISMS documentation, and audit readiness.
- Serve as the liaison between internal teams, auditors, and external consultants during audit processes.

Job Requirements

Required:
1. Education: BS/MS in Information Technology or related field.
2. Experience: At least 5 years of experience in the IT field.
3. Skills:
- Required Hard Skills:
- In-depth understanding of ISO 27001 standards and implementation.
- Hands-on experience with risk assessment, vulnerability analysis, and incident response.
- Familiarity with cybersecurity technologies and solutions (e.g., firewalls, IPS, XDR, SIEM, ZTA).
- Familiarity with cybersecurity project management methodologies.
- Proven experience in cybersecurity project management.
- Experience with cybersecurity auditing and monitoring tools and techniques.
- Proficiency in risk assessment and vulnerability management.
- Knowledge of incident response and management practices.
- Strong analytical and problem-solving skills.
- Required Soft Skills:
- Intermediate command of English in speaking and writing.
- Strong written and verbal communication skills to convey technical topics clearly to non-technical stakeholders.
- Ability to lead cross-functional teams and influence stakeholders.
- Strong leadership and team management abilities.
- Keen eye for identifying risks, ensuring compliance, and maintaining accuracy in documentation.
- Capable of prioritizing and delivering tasks in a high-pressure environment.
- Ability to work under pressure and manage multiple projects simultaneously.
- Proactive and self-motivated with a strong sense of responsibility.
- Ability to work collaboratively with cross-functional teams.

Preferred:
- Advanced degree in Cybersecurity, Information Technology, or a related field.
- Experience in a supervisory or leadership role in cybersecurity.
- Relevant certifications (e.g., CISSP, CISM, CISA, ISO 27001 LA, PMP).
- ISMS implementation experience is preferred.
- Knowledge of security processes and auditing, such as NIST CSF and ISO 27001 Implementer, is also desirable.
