Job Title: GRC ISO/IEC 27001 Consultant / Lead
Location: Jordan and the Philippines
Employment Type: Full-time
About the Role
We are seeking an experienced ISO/IEC 27001 Consultant / Lead to support the implementation, management, and continual improvement of our Information Security Management System (ISMS) and to deliver ISO-related consultancy services.
This role will be based in Jordan and the Philippines, working closely with internal teams and customers to ensure compliance with ISO/IEC 27001. Experience with ISO 9001 (Quality Management Systems) is highly desirable and will be considered a strong advantage.
Key Responsibilities:
- Lead and support ISO/IEC 27001 implementation, maintenance, and continual improvement
- Conduct ISO 27001 gap assessments, risk assessments, and risk treatment planning
- Develop, review, and maintain ISMS documentation, including:
a. Policies and procedures
b. Risk registers
c. Statement of Applicability (SoA)
- Plan and perform internal audits and support external certification and surveillance audits
- Track and manage non-conformities, corrective actions, and continual improvement activities
- Work with technical and business stakeholders to embed security controls into day-to-day operations
- Provide guidance and awareness training on information security best practices
- Support customers or internal teams with ISO-related consultancy activities
- Contribute to governance, risk, and compliance initiatives beyond ISO 27001 where required
Required Skills & Experience:
- Proven experience working with ISO/IEC 27001 (implementation, management, or audit)
- Strong understanding of:
a. ISMS lifecycle (Plan-Do-Check-Act)
b. Risk management methodologies
c. Annex A controls
- Experience supporting ISO certification or re-certification audits
- Strong documentation and reporting skills
- Ability to communicate clearly with both technical and non-technical stakeholders
- Organized, self-motivated, and able to manage multiple tasks effectively
Desirable (Added Advantage):
- Experience with ISO 9001 (Quality Management Systems)
- ISO/IEC 27001 Lead Implementer or Lead Auditor certification
- Knowledge of additional frameworks or standards such as:
a. ISO 22301
b. NIST
c. CIS Controls
d. GDPR
- Background in information security, IT governance, or risk management
- Consultancy or customer-facing experience