Information Security Compliance Officer
- Industry Other
- Category Information Technology
- Location Lalitpur, Nepal
- Expiry date Jun 15, 2025
Job Description
Techkraft Inc. Pvt. Ltd. is seeking a detail-oriented and experienced Information Security Compliance Officer (ISCO) with a strong background in compliance and risk management. The ideal candidate will have at least 3 years of hands-on experience in information security compliance, including a solid understanding of ISO 27001:2022. The role involves overseeing the organization's ISMS, conducting risk assessments, recommending treatment plans, and collaborating across departments to ensure continued compliance and improvement of the security posture.
Key Responsibilities:
- Maintain and enhance the Information Security Management System (ISMS) in accordance with ISO 27001:2022 standards, driving continuous improvement through regular reviews and updates.
- Conduct regular risk assessments, document findings, and develop and implement risk treatment plans to mitigate identified risks.
- Lead internal ISMS audits, support external audits for certifications and client assessments, and ensure timely resolution of audit findings.
- Collaborate with department heads and senior management to ensure security controls and compliance measures are understood, implemented, and aligned with organizational objectives.
- Monitor and report on ISMS metrics and compliance status.
- Develop, update, and review information security policies, procedures, and documentation to ensure alignment with standards and regulations.
- Design and deliver comprehensive security awareness programs, including role-specific training and phishing simulations, and measure their effectiveness to foster a security-aware culture.
- Oversee and coordinate responses to information security incidents, including root cause analysis, corrective actions, and compliance with regulatory and contractual reporting obligations.
- Stay informed of changes in information security and privacy regulations, standards, and emerging threats, and recommend updates to the ISMS to address them.
- Act as a point of contact for regulators, clients, and auditors regarding information security compliance, and present ISMS performance to senior management and the board.
Requirements:
- Bachelor's degree in Information Security, Computer Science, or a related field.
- Minimum 3 years of experience in information security compliance or ISMS-related roles.
- Strong understanding of ISO 27001:2022 requirements.
- ISO 27001 Lead Implementer or Lead Auditor certification is highly preferred.
- Experience in risk assessment, mitigation planning, and compliance reporting.
- Excellent communication and collaboration skills.
- Strong analytical and problem-solving abilities.
- Ability to work independently and manage multiple priorities.