Lead Implementer/Auditor

Responsibilities:

ISO 22301 – Business Continuity Management (BCMS):

• Lead the design, implementation, and maintenance of the Business Continuity Management System.
• Conduct Business Impact Analysis (BIA) and risk assessments across business units.
• Develop and maintain business continuity strategies, plans, and recovery procedures.
• Coordinate and oversee disaster recovery planning and testing exercises.
• Ensure periodic simulation exercises and resilience testing.
• Monitor compliance with ISO 22301 requirements and drive continual improvement.

ISO 27001 – Information Security Management (ISMS):

• Lead the implementation and ongoing management of the ISMS framework.
• Conduct enterprise-wide information security risk assessments.
• Develop, review, and enforce information security policies and procedures.
• Ensure effective implementation of Annex A controls.
• Coordinate internal and external ISO 27001 audits.
• Manage security incidents and ensure corrective/preventive actions are implemented.

Governance, Risk & Compliance:

• Ensure alignment of BCMS and ISMS with organizational strategy.
• Liaise with regulators, certification bodies, and external auditors.
• Monitor regulatory and statutory requirements related to information security and business continuity.
• Present compliance reports and risk posture updates to senior management.

Internal & External Audits:

• Act as Lead Auditor for ISO 22301 and ISO 27001 internal audits.
• Plan, conduct, and report audit findings.
• Track corrective actions and ensure timely closure.
• Prepare the organization for surveillance and recertification audits.

Training & Awareness:

• Develop and deliver awareness programs on business continuity and information security.
• Promote a culture of operational resilience and data protection.
• Facilitate the internal auditor course
• Provide advisory support to management and business units.

Requirements:

• Minimum of 6 years’ relevant experience in ISO 22301 and ISO 27001 implementation and auditing.
• Certified ISO 22301 Lead Implementer.
• Certified ISO 22301 Lead Auditor.
• Certified ISO 27001 Lead Implementer.
• Certified ISO 27001 Lead Auditor.
• Bachelor’s degree in Information Technology, Computer Science/Engineering, Data Management, Data Science, etc. 
• Professional certifications such as CISA, CRISC, CISSP, or equivalent (added advantage).
• Strong knowledge of risk assessment methodologies.
• Experience managing certification audits with accredited bodies.
• Demonstrated experience in disaster recovery planning and information security governance.
• Enterprise Risk Management
• Business Impact Analysis
• Information Security Controls
• Incident Response Management
• Policy Development
• Regulatory Compliance
• Audit & Assurance
• Stakeholder Management
• Analytical & Problem-Solving Skills
• Strong Communication & Reporting Skills
• Lead implementer and Auditor Certified