[Hiring] ISO 27001 Subject Matter Expert @TestPros

Role Description

We are seeking an experienced ISO 27001 Subject Matter Expert to join our team and help us maintain and improve our information security management system (ISMS).

• Start: Future projects late 2026 or 2027 (not an immediate job opening)
• Type: Part-time consulting

The ISO 27001 SME will be responsible for leading and managing the development, implementation, and maintenance of our ISMS in accordance with ISO 27001 standards. The ideal candidate will have extensive experience in information security management, a deep understanding of ISO 27001 requirements, and a proven track record of achieving and maintaining certification.

Key Responsibilities:

• Lead the design, implementation, and maintenance of the ISMS in compliance with ISO 27001 standards.
• Conduct risk assessments and develop risk treatment plans to mitigate information security risks.
• Coordinate and conduct internal audits to ensure ongoing compliance with ISO 27001 and prepare the organization for external audits.
• Develop and deliver training programs to raise awareness of information security policies and procedures across the organization.
• Work closely with cross-functional teams to ensure information security is integrated into all business processes and projects.
• Maintain up-to-date documentation of the ISMS, including policies, procedures, and audit records.
• Monitor and report on the performance of the ISMS, including metrics and key performance indicators (KPIs).
• Stay current with the latest developments in information security and ISO 27001 standards to ensure continuous improvement of the ISMS.
• Provide expert guidance and support to the organization on all matters related to ISO 27001 and information security.
• Collaborate with external auditors and regulatory bodies as needed.

Qualifications

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
• Minimum of 5 years of experience in information security management, with a focus on ISO 27001.
• In-depth knowledge of ISO 27001 standards and best practices for information security management.
• Experience conducting risk assessments and managing risk treatment plans.
• Strong project management skills with the ability to lead cross-functional teams.
• Excellent communication and interpersonal skills, with the ability to effectively train and educate employees on information security practices.
• Strong analytical and problem-solving skills.
• Ability to stay current with the latest industry trends and developments in information security.

Preferred Qualifications

• Master’s degree in Information Security, Computer Science, Information Technology, or a related field.
• ISO 27001 Lead Auditor or Lead Implementer certification.
• Additional certifications such as CISSP, CISM, or CISA.
• Experience working in a specific industry, e.g., finance, healthcare, technology environment.

Rate

$60-105/hr (1099 or Corp. To Corp.). This range represents a good-faith estimate and is not a guarantee; final compensation is determined by factors such as experience, qualifications, and government contract labor rate requirements and may fall outside the stated range.

Equal Opportunity Employer

TestPros is an equal-opportunity employer and does not discriminate in employment based on race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or any other non-merit factor.

Offer Considerations

TestPros considers several factors when extending an offer, including but not limited to, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, geographic location, education, and certifications.

Federal Compliance

As a federal contractor, TestPros is subject to all federal and state mandates and/or other customer requirements.