
ISMS Compliance Officer

Rawalpindi, Pakistan

We are seeking an experienced ISMS Compliance Officer to lead the implementation, certification, and maintenance of our ISO 27001 Information Security Management System (ISMS) for our Islamabad back-office operations. The role will initially focus on achieving ISO 27001 certification for our MBS/NOS operations, with future extension to US operations and alignment with ISO 9001 and HITECH compliance.

Key Responsibilities

ISMS Implementation & Management

  • Lead the design, documentation, and implementation of the ISMS framework in line with ISO 27001 requirements.
  • Conduct risk assessments, gap analyses, and implement corrective actions.
  • Develop, review, and maintain information security policies, SOPs, and control frameworks.
  • Ensure offshore operations in Islamabad meet international security and compliance expectations of US clients.

Audit & Certification

  • Prepare the organization for ISO 27001 certification audit (Stage 1 & Stage 2).
  • Coordinate with accredited external auditors and certification bodies.
  • Lead internal ISMS audits and ensure timely closure of findings.
  • Support the future expansion of certification scope to US HQ operations.

Compliance & Regulatory Alignment

  • Map ISMS controls to HIPAA/HITECH requirements and proactively address compliance gaps.
  • Support future integration of ISO 9001 for quality management and continuous improvement.
  • Monitor local (Pakistan IT regulations) and international compliance requirements affecting operations.

Training & Awareness

  • Conduct ISMS awareness training for employees across IT, networks, and medical billing teams.
  • Promote a security-first culture across Islamabad operations.

Qualifications & Experience

  • Education: Bachelor's degree in Computer Science, Information Security, or a related field (Master's preferred).
  • Certifications (Preferred): ISO 27001 Auditor/Implementer, CISA, CISM, CISSP.

Experience:

  • Minimum 3+ years in information security / compliance roles.
  • At least 2+ successful ISO 27001 implementations and audits (Stage 1 & 2) as Lead or Key Contributor.
  • Prior experience in the Medical Billing/Healthcare Business Process Outsourcing sector is an advantage.
  • Familiarity with HIPAA/HITECH requirements and healthcare data security.
  • Strong background in risk management, incident response, and IT/security governance.

Skills

  • Strong understanding of ISMS frameworks, ISO standards, and regulatory compliance (HIPAA/HITECH).
  • Excellent communication skills to coordinate with US-based leadership and local teams.
  • Experience working with IT/Dev/Network teams to align security practices.
  • Ability to manage external auditors and certification bodies.
  • Proactive, detail-oriented, and able to drive compliance culture.

Job Type: Full-time

Work Location: In person

© 2025 Qureos. All rights reserved.