ISO27001, IT Risk, IT Compliance, IT Controls, IT Audit, Policy. Governance, Security, Surrey area Your new company A specialist organisation in the Health/ Medical sector offers hybrid working in this role based in North Surrey area. Your new role You will be working in the Risk team and will design, implement and maintain the Information Security Management System (ISMS) in accordance with ISO27001 in a company that manages highly sensitive data.You will support the firm''s governance, addressing areas of risk and supporting plans to address these risks, including the compilation of business continuity plans (BCP).You will work closely with colleagues in IT to enhance the technology and control frameworks regarding information security compliance and cyber threat security. Risk and ComplianceYou will lead the development, implementation, and continuous improvement of our Information Security Management System (ISMS) in line with ISO 27001 and other regulatory standards.Assessing security posture, identifying vulnerabilities, and developing mitigation strategies to manage enterprise-wide information security risks.Maintaining and enhancing the organisation''s risk register and heat map, ensuring risks are scored, tracked, and treated effectively.Overseeing the implementation and management of systems, including firewalls, encryption, and data protection controls.You will also be responsible for Policy and Training, Incident and Breach Management, Risk and Control ..... full job details .....