Information Security Management System Lead

The ISMS Lead coordinates and maintains the daily operations of the Information Security Management System (ISMS) Program, ensuring compliance with ISO27001 and alignment with Generac’s broader cybersecurity and compliance frameworks. The ISMS lead is the central point of contact for cross-functional control owners, capability teams, and audit stakeholders—supporting evidence collection, risk and control tracking, and the orchestration of ISMS-related deliverables across both internal ISMS assessments and external ISO27001 audits.

The ISMS Lead drives operational excellence through governance coordination, audit readiness, and performance monitoring. This includes facilitating working groups, tracking the Statement of Applicability (SoA), risk register updates, and corrective action plans. The role supports both corporate and subsidiary teams in implementing and sustaining ISMS requirements, helping to foster a culture of compliance and continuous improvement across the organization.

Major Responsibilities

- Coordinates the day-to-day operations of the Information Security Management System (ISMS), ensuring alignment with ISO27001 and Generac’s unified governance and compliance frameworks

- Maintains the GRC platform, supporting timely delivery of compliance activities across policy owners, control implementers, and evidence contributors

- Facilitates internal ISMS assessments, committee meetings, and working group sessions by preparing agendas, tracking action items, and reporting compliance progress

- Supports capability teams, subsidiaries, and control owners by clarifying implementation expectations, audit documentation needs, and evidence quality standards

- Tracks and manages the lifecycle of risks, controls, and corrective actions, including updates to the risk register and the Statement of Applicability (SoA)

- Coordinate ISMS readiness efforts in preparation for external ISO27001 audits or other applicable certification assessments

- Develops and refines ISMS-related documentation, including procedures, guidelines, control narratives, and support materials

- Maintains dashboards and performance metrics related to audit readiness, non-conformity closure, and risk treatment activities

- Identifies bottlenecks, overdue tasks, and control misalignments, escalating as needed to the IT GRC Capability Manager or Director of InfoSec

- Ensures consistent version control, evidence traceability, and document quality across all submissions in support of audits or assessments

- Collaborates with Capability Teams and subsidiaries to ensure control implementation aligns with policy and framework expectations

- Monitors developments in ISO27001:2022, privacy regulations, and industry best practices to continuously improve the ISMS model and processes

- Supports onboarding and enablement of new ISMS participants, including training on stakeholder roles, tool usage, and evidence responsibilities

- Coordinates internal evidence gathering for ISMS assessments and external audits, including document requests, stakeholder interviews, and audit walkthrough preparation

Minimum Job Requirements

Education

- Bachelor’s Degree with Information Technology focus, or equivalent experience

Work Experience

- 5 years experience in Information Security Management Systems or Cyber Security.

- Proven experience supporting or coordinating ISO27001 compliance or certification efforts.

- Experience working within a multi-framework compliance program (e.g., ISO27001, NIST, SOC 2, PCI, GDPR).

- Understanding of risk assessment methodologies, control mapping, and evidence management practices.

- Experience with GRC platforms, able to apply prior learnings to new GRC tools.

- Experience with cross functional coordination, providing guidance to teams across IT and business functions

Knowledge / Skills / Abilities

- Familiarity with cloud service models and control responsibilities in SaaS/PaaS/IaaS environments

- Strong coordination, documentation, and communication skills for multi-stakeholder collaboration

- Familiarity with unified control framework initiatives or crosswalks across security and privacy standards

- Understanding of how compliance maps to internal business processes and capability team structures

- Ability to coordinate evidence requests, policy updates, and SoA changes in a dynamic environment

- Experience maintaining compliance metrics, dashboards, or remediation tracking reports

- Knowledge of key control areas such as access control, data protection, vulnerability management, and incident response

Preferred Job Requirements

Certification / License

- Certifications preferred: ISO27001 Lead Implementer or Auditor, CISA, CISSP, CISM, or SCF Certified Practitioner