ISMS Lead

Sympower

📍 Remote - Worldwide

Summary

Join Sympower as their Information Security Manager and operate the information security management system according to ISO 27001 standards. This cross-departmental role ensures data and system security, including protection, integrity, and availability. You will communicate with customers and partners on security issues, handle requests and incidents, and oversee audits and budgets. Shape Sympower's cybersecurity position and influence company-wide processes. The role involves managing the ISMS, performing risk analyses, conducting security training, and collaborating with various departments. Lead the security team through influence and coordination, working closely with product managers, legal, and engineering operations.

Requirements

  • Fluent written and spoken English; other European languages also beneficial
  • Experience managing or implementing ISO 27001 ISMS
  • Background in IT security, risk management, or compliance
  • Familiarity with cloud-first environments and remote-first organizations
  • Proven ability to coordinate complex, cross-departmental projects with precision and efficiency
  • Experience managing systems and processes with multiple interdependencies
  • Deep understanding of structured systems like ISO 27001 ISMS, with the ability to navigate interlinked documents and processes effectively
  • Solid understanding of IT security fundamentals, DevSecOps processes, risk management, and data protection. In-depth cryptography knowledge is not required, but a foundational understanding is essential
  • Knowledge of applications such as SIEM and risk management tools
  • Experience with OWASP Top 10, SANS, and other security frameworks
  • Experience in developing and implementing policies with a keen awareness of their practical implications on teams and workflows
  • Ability to present information clearly and actionably to diverse stakeholders, including senior leadership and external auditors
  • Skilled at translating complex security concepts into accessible language
  • Ability to speak with customers on security-related topics
  • Track record of influencing teams and driving outcomes in environments without direct reporting lines

Responsibilities

  • Oversee the ISMS based on our chosen standard ISO 27001, including policy and procedure updates, document reviews, and audits
  • Organize and lead internal audits, management reviews, and external ISO 27001 audits
  • Conduct regular ISMS Governance Council updates to inform leadership of the cybersecurity landscape and ISMS performance
  • Ensure that the ISMS complies with NIS2
  • Perform risk analyses and coordinate risk mitigation strategies
  • Handle non-conformities, implement corrective actions, and maintain compliance documentation
  • Manage vendor security, ensuring third-party compliance with Sympower's security standards
  • Take part in incident retrospectives
  • Plan and conduct security awareness training for employees
  • Foster a company-wide understanding of security policies and their impact on day-to-day operations
  • Facilitate cross-departmental collaboration to implement security measures effectively
  • Be available to support and take part in customer-facing interactions that require explanation of our ISMS
  • Lead the security team without direct managerial authority, driving results through influence and coordination
  • Work closely with product managers, legal, and Engineering Operations to balance feature delivery and security
  • Oversee product security development practices
  • Manage and review our pen tests, making sure our product development teams have the correct knowledge to act on the outcomes
  • Handle customer security policies and questionnaires

Benefits

  • 30 Days Paid Holiday Leave
  • 1 Day Paid Wellness Leave
  • 1 Day Paid Birthday Leave
  • Paid Maternity and Partner Leave
  • Pawternity Leave
  • Mental Health and Wellbeing Support
  • Remote Office Budget
  • Internet Allowance
  • Development Plan & Budget
  • Stock Appreciation Rights
  • 2 Days Paid Volunteer Leave
