INFORMATION SECURITY & PRIVACY GOVERNANCE LEAD (ISMS / PIMS)

Alexandria, Egypt

Are you an implementer-auditor who can turn security and privacy standards into living management systems? Do you enjoy building policies, risk registers, and control evidence—and then defending them before certification bodies? We are hiring an Information Security & Privacy Governance Lead to establish, maintain and advise client teams on achieving and sustaining certification to ISO/IEC 27001, 27017, 27018, and 27701, with risk management based on ISO 27005 and ISO 31000 and close alignment to NIST frameworks.


You will work side-by-side with engineering, DevOps, data/AI teams, and legal to embed security and privacy by design across customer environments. You will also work with customers to implement data protection and governance systems, and defend audits from external auditing agencies.


  • Location: Remote, with visits to the office in Alexandria, Egypt (San Stefano) for team meetings.
  • Job Type: Full-time
  • Reports to: Head of Data Protection Practice.

BACKGROUND

Allendevaux & Company is a consulting firm that provides data protection as a service (DPaaS), staffing a service desk through which customers submit data protection questions and receive rapid, intelligent advisory services. The company is also building Digital Trustify, a 25-module GRC platform that blends deep regulatory expertise with modern engineering. Your mission is to ensure our own house sets the benchmark—operating a robust, auditable ISMS/PIMS—and to help customers replicate that success.


Must have a laptop that supports documentation work and Microsoft Teams meetings. Company will provide the software.


EXPERIENCE

You have led at least one end-to-end ISO 27001/27701 implementation through external certification, run internal audits, and closed non-conformities. You are comfortable translating standards into practical controls for cloud environments (AWS/Azure/GCP), writing clear policies, and coaching teams through evidence collection and management review.


PERSONAL CHARACTERISTICS & SKILLS

  • Excellent communicator in English; able to brief executives and engineers with equal clarity.
  • Methodical, evidence-driven, and comfortable with audit-defensible record-keeping.
  • Pragmatic facilitator who balances governance with delivery timelines.
  • Strong collaborator across product, engineering, legal, and customer-facing teams.
  • Ethically minded; attentive to privacy, risk, and trust implications of modern data use.

RESPONSIBILITIES

  • Stand up and own the Allendevaux ISMS/PIMS aligned to ISO/IEC 27001 and 27701, with cloud controls from 27017/27018; maintain policy suites, control catalogs, procedures, and KPIs.
  • Risk management: Establish and run risk assessment & treatment processes per ISO 27005/ISO 31000; maintain risk registers and treatment plans.
  • Audit readiness & defence: Plan internal audit cycles, coordinate management review, prepare evidence packs, engage certification bodies, and lead corrective/preventive actions.
  • Standards mapping: Maintain cross-walks to NIST CSF 2.0, NIST SP 800-53, 800-171, and relevant sectoral requirements.
  • Lifecycle integration: Partner with engineering/DevOps/AI teams to embed secure SDLC, access control, logging/monitoring, vendor-risk, data protection by design, and incident response.
  • Client enablement: Lead workshops, gap assessments, and readiness engagements to help customers implement integrated ISMS/PIMS programmes and defend external audits.
  • Training & culture: Deliver role-based security/privacy training and awareness; champion continuous improvement.

MINIMUM QUALIFICATIONS

  • Bachelor’s degree in Information Security, Computer Science, Law/Policy, or related field.
  • ISO/IEC 27001 Lead Implementer (LI) and Lead Auditor (LA) certifications.
  • Demonstrated working knowledge of ISO/IEC 27017, 27018, 27701 and risk frameworks ISO 27005/31000.
  • Familiarity with NIST CSF, SP 800-53, and 800-171 and their practical application in cloud environments.
  • 5+ years in security/privacy governance, compliance, or audit for technology products or services.

PREFERRED QUALIFICATIONS

  • Master’s degree in Information Security, Computer Science, or Law/Policy.
  • Additional certifications: ISO 27701 LI/LA, CISSP, CISA, CIPP/E, CIPM, or CIPT.
  • Experience working with certification bodies and consulting on multi-site or multi-tenant implementations.
  • Hands-on familiarity with GRC tooling (e.g., evidence repositories, control libraries, risk platforms) and secure SDLC practices.

If you’re excited to build audit-ready security and privacy programmes that are practical, defensible, and scalable—for us and for our clients—we’d love to hear from you.