Avant Digital Inc.

Lead and manage ISO27001 ISMS implementation, conduct risk and compliance assessments, oversee vendor risk management, support audits, and maintain compliance metrics. | 8-10 years of experience in Information Security, Compliance, and Risk Management with expertise in ISO27001 and related standards. | Job Title: GRC Security Compliance Manager Location: Remote Duration: 12+ Months (Contract) Responsibilities: • Drive the implementation and management of Information Security Management Systems adhering to ISO27001 standards. • Conduct third-party risk and compliance assessments utilizing structured questionnaires. • Evaluate risk associated with customer and vendor contracts. • Leverage cloud security expertise to assess SaaS vendor products. • Lead the ISMS rollout efforts across business units and support ISO27001 certification initiatives. • Oversee compliance efforts to ensure sustained implementation of common controls across various business units. • Support and enhance the Supply Chain and Third-Party Vendor Risk Management program. • Improve existing common controls to meet evolving business and customer needs, while adhering to information security policies and standards. • Assist in preparing security assurance materials for both internal and external stakeholders, including responses to customer questionnaires. • Generate regular metrics related to the Trust office programs, including ISMS, for management visibility. • Help gather evidence for audits, update the centralized GRC tool with audit results, and assist with additional compliance activities. • Contribute to proof of concept initiatives and enhancements of the GRC tool in support of Trust office objectives. • Perform ad-hoc activities necessary for the Trust office's success. • Participate in early morning meetings and updates for IST and PST time zones. Skill Set: • 8-10 years of experience in Information Security, Compliance, and Risk Management. • Expertise in implementing Information Security measures for ISO 27001 and other key standards including SOX, NIST 800-53, and CMMC.