Job Title:  T&T | Cyber - CST | Sr Analyst | TPRM

Job requisition ID: 99905
Date:  Apr 9, 2026
Location:  Bengaluru
Designation:  Manager
Entity:  Deloitte Touche Tohmatsu India LLP

1. Delivery & Technical Leadership

  1. ISMS Implementation: Lead the end-to-end design, implementation, and maintenance of an ISMS based on the ISO/IEC 27001:2022 standard for global clients.
  2. Gap Analysis: Oversee comprehensive gap assessments against ISO 27001 requirements and Annex A controls to identify security posture deficiencies.
  3. Risk Management: Lead formal Information Security Risk Assessments (using frameworks like ISO 27005) to identify threats and vulnerabilities, and define risk treatment plans.
  4. Statement of Applicability (SoA): Define and justify the inclusion/exclusion of controls within the SoA based on client business needs.
  5. Internal Audit: Manage and execute internal audits to ensure compliance before formal certification audits by external bodies (e.g., BSI, SGS).
  6. Policy & Procedure Development: Lead the creation of high-level security policies, standards, and operational procedures tailored to the client’s organizational culture.

2. Project & Engagement Management

  1. Engagement Delivery: Take full ownership of project timelines, budgets (burn rates), and resource allocation for multi-million-dollar cybersecurity engagements.
  2. Quality Assurance: Review the work produced by Consultants and Senior Consultants (deliverables, reports, presentations) to ensure "Deloitte-quality" standards.
  3. Stakeholder Management: Present complex security findings and ISO 27001 roadmaps to C-Suite executives (CISO, CIO, CRO) and Board members.
  4. Reporting: Develop sophisticated dashboards and progress reports to communicate project status and residual risk to client leadership.


Professional Experience: 7–10 years in Cyber Security, with at least 4–5 years focused specifically on ISO 27001.

Certifications:

Must Have: ISO 27001 Lead Implementer or Lead Auditor.

Highly Desired: CISSP, CISM, or CISA.

Education: Bachelor’s or Master’s degree in IT, Cybersecurity, or Risk Management.

Soft Skills: Exceptional "Executive Presence"—the ability to talk about technical security in a way that business leaders understand.