Information Security Compliance Officer TechKraft Inc.

  • Industry: Other
  • Category: Information Technology
  • Location: Lalitpur, Nepal
  • Expiry date: Jun 15, 2025 (3 days left)
Job Description
TechKraft Inc. Pvt. Ltd. is seeking a detail-oriented and experienced Information Security Compliance Officer (ISCO) with a strong background in compliance and risk management. The ideal candidate will have at least 3 years of hands-on experience in information security compliance, including a solid understanding of ISO 27001:2022. The role involves overseeing the organization’s ISMS, conducting risk assessments, recommending treatment plans, and collaborating across departments to ensure continued compliance and security posture improvement.

Key Responsibilities:
  • Maintain and enhance the Information Security Management System (ISMS) in accordance with ISO 27001:2022 standards, driving continuous improvement through regular reviews and updates.
  • Conduct regular risk assessments, document findings, and develop and implement risk treatment plans to mitigate identified risks.
  • Lead internal ISMS audits, support external audits for certifications and client assessments, and ensure timely resolution of audit findings.
  • Collaborate with department heads and senior management to ensure security controls and compliance measures are understood, implemented, and aligned with organizational objectives.
  • Monitor and report on ISMS metrics and compliance status.
  • Develop, update, and review information security policies, procedures, and documentation to ensure alignment with standards and regulations.
  • Design and deliver comprehensive security awareness programs, including role-specific training and phishing simulations, and measure their effectiveness to foster a security-aware culture.
  • Oversee and coordinate responses to information security incidents, including root cause analysis, corrective actions, and compliance with regulatory and contractual reporting obligations.
  • Stay informed of changes in information security and privacy regulations, standards, and emerging threats, and recommend updates to the ISMS to address them.
  • Act as a point of contact for regulators, clients, and auditors regarding information security compliance, and present ISMS performance to senior management and the board.
Qualifications:
  • Bachelor's degree in Information Security, Computer Science, or a related field.
  • Minimum 3 years of experience in information security compliance or ISMS-related roles.
  • Strong understanding of ISO 27001:2022 requirements.
  • ISO 27001 Lead Implementer or Lead Auditor certification is highly preferred.
  • Experience in risk assessment, mitigation planning, and compliance reporting.
  • Excellent communication and collaboration skills.
  • Strong analytical and problem-solving abilities.
  • Ability to work independently and manage multiple priorities.