Information Security Manager - ISO 27001

Implement and manage Information Security Management Systems (ISMS) aligned with ISO 27001:2022 and healthcare regulatory requirements. Covers the full lifecycle: scoping, risk assessment per Clause 6.1.2, selection and implementation of the 93 Annex A controls across four themes, certification readiness, incident response, and cross-framework mapping to SOC 2, NIST CSF 2.0, and NIS2 — with cloud-specific (AWS/Azure/GCP) and Zero Trust guidance.

Core Capabilities

• ISMS implementation — scope/context definition, risk treatment, Statement of Applicability (SoA), monitoring metrics, certification readiness (Stage 1/2)
• Risk assessment — Clause 6.1.2 methodology, asset classification, threat/vulnerability modeling, Likelihood × Impact scoring, treatment planning
• Control implementation — all 93 Annex A:2022 controls (Organizational, People, Physical, Technological) with cloud-provider mappings and Zero Trust integration
• Incident response — detection, triage/classification, containment, recovery, and lessons learned
• Cross-framework alignment — ISO 27001 ↔ SOC 2 TSC ↔ NIST CSF 2.0 ↔ NIS2, plus supply chain and hardware-key (FIDO2) requirements

When to Use

Use this skill when you hear: "implement ISO 27001", "ISMS implementation", "security risk assessment", "information security policy", "ISO 27001 certification", "security controls implementation", "incident response plan", "healthcare data security", "medical device cybersecurity", or "security compliance audit".

Clarify First

Before running the assessment, confirm these inputs. If any is unknown or vague, ASK — do not assume: