Reto Steinmann
Head of Consulting

ISMS Manager

System and process responsibility in safe hands

An effective Information Security Management System (ISMS) in accordance with ISO/IEC 27001 protects your information in a risk-based and sustainable manner – with or without certification.

Ideally, an ISMS Manager should assume technical responsibility for the establishment, operation and further development of an ISMS. In doing so, the ISMS Manager works closely with the CISO and relieves them of the burden of operating the ISMS.

If your organisation lacks the necessary staff resources, it is worth engaging an external ISMS manager on a retainer basis. Our specialists take on the specialised system and process responsibility relating to information security.

Objectives

  • Establishment and maintenance of a standards-compliant and effective ISMS
    Development, operation and continuous improvement of an information security management system in accordance with ISO/IEC 27001, taking organisational requirements into account – regardless of certification.  
  • Systematic control and documentation of security-related processes and evidence
    Maintenance of risk management and the Statement of Applicability (SoA), as well as ensuring traceable and auditable documentation.  
  • Ensuring the system’s auditability and capacity for improvement
    Planning, conducting and supporting internal and external audits, including management review and the identification of improvement measures.

Activities (selection)  

  • Updating of policies, guidelines and evidence  
  • Maintaining the information inventory  
  • Support with changes and projects (security sign-off)  
  • Awareness-raising and training  
  • Coordination of certification audits  

Get in touch now

Contact us for a quote and find out why the establishment, operation and/or further development of an ISMS is in good hands with us. 

Related services

Decision-making guide: Which service we recommend and when

| The client’s initial situation | Recommended mandate |
|---|---|
| No internal security responsibility in place | CISO as a Service or CISO on Demand |
| Increased regulatory pressure (e.g. hospitals, critical infrastructure) | CISO as a Service |
| Focus on ISO 27001 / ISMS operation | ISMS Manager |
| Transitional solution sought | CISO on Demand or CISO as a Service |
| Current CISO / Security Officer | ISMS Manager |

© Swiss Infosec AG 2026