The position

The role of the ISMS lead is to operate the information security management system of Sympower as per ISO 27001. It’s an inherently cross-departmental role, as the ISMS has policies and procedures that affect the entire company. The system ensures the security of Sympower’s data and systems, which includes data protection, integrity and continued availability and business continuity. The person will also be responsible for external communication with customers and partners about security related issues, answering questionnaires and handling any incoming requests or incidents via the security email inbox. The person will also oversee audits, contact with certification bodies and security budgets.

What is in it for you

We are committed to creating an inclusive and values based culture where everyone feels that they belong, and where everyone has the opportunity to do meaningful work.

We offer a market competitive compensation package, including but not limited to:

• 30 Days Paid Holiday Leave
• 1 Day Paid Wellness Leave
• 1 Day Paid Birthday Leave
• Paid Maternity and Partner Leave
• Pawternity Leave
• Mental Health and Wellbeing Support
• Remote Office Budget
• Internet Allowance
• Development Plan & Budget
• Stock Appreciation Rights
• 2 Days Paid Volunteer Leave

Learn about all of our benefits on our careers page.

What you will do

This is your opportunity to shape Sympower’s cybersecurity position and influence company-wide processes.

ISMS Management:

• Oversee the ISMS based on our chosen standard ISO 27001, including policy and procedure updates, document reviews, and audits.
• Organize and lead internal audits, management reviews, and external ISO 27001 audits.
• Conduct regular ISMS Governance Council updates to inform leadership of the cybersecurity landscape and ISMS performance.
• Ensure that the ISMS complies with NIS2.

Risk and Compliance:

• Perform risk analyses and coordinate risk mitigation strategies.
• Handle non-conformities, implement corrective actions, and maintain compliance documentation.
• Manage vendor security, ensuring third-party compliance with Sympower’s security standards.
• Take part in incident retrospectives.

Training and Awareness:

• Plan and conduct security awareness training for employees.
• Foster a company-wide understanding of security policies and their impact on day-to-day operations.

Collaboration and Leadership:

• Facilitate cross-departmental collaboration to implement security measures effectively.
• Be available to support and take part in customer facing interactions that require explanation of our ISMS.
• Lead the security team without direct managerial authority, driving results through influence and coordination.