About the job

YNV group is hiring an experienced Governance and Compliance Manager to join our information security management team. As the Governance and Compliance Manager, you will manage the ISMS (Information Security Management System) related to our ISO27001 certifications (customer requirements). The role will also support or drive our Business Continuity Management (BCM) efforts.

Helping people thrive and grow in the modern digital world.

YNV Group is a holding company that began as a highly successful tech support start-up. In just a few years, we grew into a multi-brand group of companies serving global enterprise clients and governments. Today, our brands include Tek Experts, elev8, Talentwize, Monifai, Everty, and Sandglass and operate across the tech, real estate, and financial services sectors.

Responsibilities:

• Ownership and management of the Information Security policies. This includes developing, reviewing, and updating the policies to ensure that they are aligned with the organization’s business needs and objectives.
• Management of the Information Security Management System (ISMS), according to ISO27001 principles. This includes implementing, monitoring, and improving the ISMS to ensure that it is effective in protecting the organization’s information assets.
• Implementation of ISO27001 scope increases and to additional group companies. This involves expanding the scope of the ISMS to cover new areas of the organization or to new group companies.
• Lead or support the implementation of the Business Continuity Plan. This includes developing, testing, and maintaining the business continuity plan to ensure that the organization can continue to operate in the event of a disruption.
• Plan, coordinate, and oversee the additional certifications including ISO22301 and ISO27701. This involves working with the organization to obtain additional certifications that demonstrate the organization’s commitment to information security.
• Integrate several Management Systems into a unique Management System. This involves combining the organization’s different management systems, such as quality management, environmental management, and information security management, into a single system.
• Collaborate with internal stakeholders, external auditors, and certification bodies to ensure successful certification. This involves working with all stakeholders to ensure that the organization is prepared for certification audits and that the audits are completed successfully.
• Prepare certification audits and be the single point of contact with external auditors. This involves preparing for certification audits by gathering all the necessary documentation and by being the single point of contact for external auditors.
• Continuously check the effectiveness of the ISMS and identify opportunities for improvement. This involves monitoring the effectiveness of the ISMS and making recommendations for improvement.

Qualifications:

• A bachelor’s degree in information security or a related field is required.
• Good to be ISO27001 Lead Implementer certified.
• Proven experience in developing, implementing, and maintaining an Information Security Management System (ISMS) in line with ISO 27001 standards.
• Strong knowledge of information security principles, practices, and industry standards.
• Experience in implementing and managing business continuity plans (BCPs).
• Experience in implementing or managing Business Continuity Management Systems (BCMSs) according to ISO22301 requirements. ISO22301 Lead Implementation certification is also valued.
• Experience in implementing or managing Privacy Information Management Systems (PIMSs) according to ISO27701 requirements. ISO27701 Lead Implementation certification is also valued.
• Relevant certifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer, ISO22301 Lead Implementer) are highly desirable.

YNV group is an equal opportunity employer. We do not and will not discriminate in employment and personnel practices based on race, sex, age, handicap, religion, national origin, or any other basis prohibited by applicable law. Hiring, transferring, and promotion practices are performed without regard to the above-listed items.