Information Security Management System (ISMS) Specialist
Overview
We are a Supply Chain and Sales & Merchandising partner adding value to your
business through a fully integrated, temperature-controlled network in Southern
Africa.
But we are also more than that. We are people serving people. While we boast the
best in tech and infrastructure, our people are our greatest resource. With our
skilled, curious, can-do people at the forefront, our assets become your assets, our
service your solutions.
Vector’s vehicle fleet includes a food industry first in ‘multi-temperature’ vehicles
enabling the company to service business across frozen, chilled and ambient
temperature zones on a single delivery.
Job Purpose
The Information Security Management System (ISMS) Specialist is responsible for the end-to-end implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in accordance with the ISO/IEC 27001 standard. The incumbent will play a pivotal role in ensuring the confidentiality, integrity, and availability of our information assets, while also ensuring compliance with legal and regulatory requirements.
Key Responsibilities
ISMS Development And Implementation
- Lead the design, implementation, and continuous improvement of an ISMS aligned with ISO/IEC 27001 and other relevant frameworks (e.g., NIST, POPIA, CIS, CSA).
- Develop, implement, and maintain information security policies, procedures, and guidelines.
- Assess existing information security practices and recommend improvements.
- Ensure the organization's ISMS aligns with business needs, regulatory requirements, and industry best practices.
Risk Assessment And Management
- Perform risk assessments to identify potential security risks to the organization's information assets, in alignment with ISO 31000.
- Develop risk treatment plans and assist in the implementation of risk mitigation strategies.
- Conduct ongoing risk assessments and audits to ensure the effectiveness of the ISMS.
Compliance And Audits
- Ensure compliance with ISO/IEC 27001 and other industry standards and regulations.
- Prepare the organization for certification audits and support the audit process.
- Coordinate with auditors and certification bodies.
- Maintain records and documentation to ensure traceability and compliance with ISMS requirements.
Training And Awareness
- Provide training to staff and management on information security best practices, policies, and compliance requirements.
- Promote a culture of information security awareness across the organization.
- Support the creation of an internal security awareness program.
Incident Response And Management
- Assist in the development and testing of incident response plans.
- Provide guidance and support in handling information security incidents.
- Ensure incidents are documented and reported in accordance with regulatory and contractual obligations, and assist in post-incident analysis to determine the cause and recommend preventive actions.
Continuous Improvement
- Define and monitor ISMS-related KPIs and metrics.
- Monitor and report on the performance of the ISMS, identifying areas for improvement.
- Monitor compliance with security policies and procedures.
- Lead regular internal audits to assess the effectiveness of the ISMS.
- Recommend and implement improvements based on audit findings, risk assessments, and evolving industry practices.
- Keep up to date with emerging threats, vulnerabilities, and regulatory changes.
Vendor And Third-Party Risk Management
- Assess and monitor third-party vendors and service providers for information security compliance.
- Assist in the integration of ISMS controls into third-party contracts and SLAs.
Key Relationships
- This position plays a critical role in managing and maintaining relationships with both internal and external stakeholders.
- These interactions are essential for ensuring the organization's security posture is robust and aligned with its strategic objectives.
Qualifications And Experience
Qualifications, Skills and Experience Required for the Job
- Bachelor's Degree: A bachelor's degree in Information Security, Computer Science, Information Technology, or a related field is required.
- Mandatory Requirement: ISO 27001 Lead Implementer. Preferable: ISO 27001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA).
- The ISMS Specialist role demands a robust combination of technical expertise, specialized knowledge, and strong leadership abilities. The ideal candidate must have an intrinsic understanding of the ISMS Statement of Applicability.
- The ideal candidate should possess in-depth knowledge of information security frameworks such as ISO/IEC 27001, NIST, and CIS Controls, familiarity with IT governance frameworks (e.g., COBIT, ITIL), and extensive experience in risk management, incident response, and compliance, particularly with South African regulations such as POPIA and the Cybercrimes Act.
- Soft skills such as excellent communication, adaptability, attention to detail, and ethical judgment are also vital, enabling the Information Security Compliance Specialist to convey complex security concepts, adapt to evolving threats, and uphold the highest standards of security and privacy within the organization. Experience in BIA, BCM, and DR is required, including experience in vulnerability management, patching, and JML (joiner/mover/leaver) processes.
- Minimum of 7-10 years of experience in the field of information security, cybersecurity, or a related discipline, with at least 1-3 years in a managerial or leadership capacity. This experience should include hands-on management of security frameworks such as ISO/IEC 27001 and NIST, as well as significant exposure to risk management, incident response, and compliance with industry regulations.
- Proven experience of leading ISO/IEC 27001 certification projects and certification maintenance.
- Experience in working with ISO 27001 certification bodies.
- Development of audit and ISMS remediation plans.
- Familiarity with data protection laws and industry regulations.
- Relevant professional certifications such as CISM, CRISC, or CISA, which validate expertise in key areas of information security. Knowledge of security tools, including Microsoft Sentinel, Cybereason, and Microsoft Defender, is essential for managing the organization's security posture effectively.
Skills and Competencies
- Strategic Thinking: Ability to align security strategies with business objectives and anticipate future challenges.
- Technical Expertise: Knowledge of security frameworks, technologies, and tools, with strong proficiency in threat analysis and mitigation.
- People Management: Strong leadership skills to build, manage, and effectively leverage external resources.
- Decision-Making and Judgment: High discretion in making critical security decisions, balancing immediate needs with long-term goals.
- Collaboration and Communication: Excellent interpersonal skills for engaging with both technical and non-technical stakeholders and building strong relationships.
- Problem-Solving and Analytical Skills: Strong analytical abilities to assess and resolve complex security issues across organizational boundaries.
- Compliance and Regulatory Knowledge: In-depth understanding of relevant regulations and standards, ensuring ongoing compliance.
- Adaptability and Resilience: Ability to adapt to changing security landscapes and manage high-pressure situations.
- Ethical Integrity: Commitment to upholding the highest ethical standards in all security practices.