Information Security Management System (ISMS) Analyst

Key Responsibilities

• Support the implementation, maintenance, and continual improvement of the organization s ISMS in alignment with ISO 27001 and related frameworks.
• Maintain ISMS documentation, including the Statement of Applicability (SoA), risk assessments, control catalogs, and security policies.
• Coordinate internal and external audits, ensuring audit evidence is complete, accurate, and organized.
• Track and follow up on audit findings, remediation actions, and management review outcomes.

• Assist with readiness, documentation, and evidence collection for ISO 27001 and TX-RAMP certifications.
• Perform gap analyses and coordinate remediation activities with stakeholders across Cybersecurity, IT, and business teams.
• Monitor certification requirements and maintain reporting cadence for periodic reviews, recertification, and control testing.
• Ensure ongoing compliance with internal security policies, standards, and applicable regulatory frameworks.

• Support the Risk Management Framework by identifying and documenting control gaps, risk treatment plans, and remediation progress.
• Contribute to maintaining the risk register and ensure traceability between risks, controls, and mitigating actions.
• Validate implementation of technical and procedural controls to support compliance objectives.

• Contribute to GRC and metrics dashboards with accurate, current ISMS data.
• Support development of a metrics library mapped to NIST CSF, ISO 27001 controls, and enterprise risk areas.
• Recommend process and documentation improvements to strengthen audit readiness and streamline reporting.

Qualifications

• Bachelor s degree in information security, Computer Science, or related field (master s degree preferred).
• Minimum of 5 years of hands-on experience executing ISMS or compliance program activities.
• Strong understanding of ISO 27001 and TX-RAMP frameworks, with proven experience supporting certification or surveillance audits.
• Familiarity with NIST CSF, SOC 2, and other industry control frameworks.
• Experience working with GRC tools (e.g., Archer, ServiceNow GRC, OneTrust, or similar).
• Excellent organizational, documentation, and communication skills.
• ISO 27001 Lead Implementer or Lead Auditor certification preferred.
• Experience in the power, energy, or utilities sector is a plus.