REQUIREMENTS

1.Must‑haves

• Industry‑recognised ISO/IEC 27001 certifications (Lead Auditor and/or Lead Implementer) from IRCA, PECB or an equivalent body.
• 5+ years of proven ISO/IEC 27001 ISMS implementation and internal audit experience, including successful certification programs.
• Demonstrable experience across OT/industrial or campus‑scale environments; able to translate ISO controls for IBMS/FMS (e.g., BMS, access control, CCTV, fire, PA/VA, energy, elevators).
• Strong risk management, policy development, audit execution, supplier governance, and evidence management.
• Eligibility to work on‑site in Singapore and to pass airport background/security clearance.

2.Nice‑to‑haves

• Previous experience in airport or airline programs; exposure to aviation operational technology and critical infrastructure.
• Complementary certifications (e.g., ISO 22301, ISO 20000‑1, CISSP/CISM/CISA) and familiarity with NIST CSF/800‑82.
• Experience engaging with accredited certification bodies operating in Singapore.

WHO WE ARE

Keyrus, creator of value in the era of Data and Digital.
Keyrus is dedicated to helping enterprises take advantage of the Data and Digital paradigm to enhance their performance, facilitating and accelerating their transformation, and generating new drivers of growth, competitiveness, and sustainability.
Keyrus in APAC employs more than 220 highly skilled consultants and is part of the international Keyrus Group, an international player in consulting and technologies and a specialist in Data and Digital. Created in 1996, listed on Euronext’s Eurolist, with consolidated revenues of US$400m in 2023 and with more than 3,500 employees in 27 countries, the Keyrus Group offers the performance, solidity and know-how of a large professional services organisation, whilst preserving the agility of a young company

ABOUT THE ROLE

Our client seeks an ISO/IEC 27001 Lead Consultant to drive the ISMS program across IBMS and FMS in an airport environment. The role focuses on updating documentation to the latest ISO/IEC 27001:2022 standards, creating processes and artefacts for previously unaudited areas, coordinating with internal and external partners, and leading risk activities while planning certification through the full three-year ISO cycle, including initial certification and surveillance audits.

KEY RESPONSIBILITIES

• Review and streamline ISMS processes and documentation; align to ISO/IEC 27001:2022, ISO/IEC 27002:2022 and the Statement of Applicability for IBMS/FMS scope.
• Lead comprehensive risk assessment of airport assets and OT systems (IBMS/FMS), develop risk treatment plans, update SoA and control evidence.
• Develop missing policies, procedures, standards, data classification, supplier security, incident response, and OT/ICS‑specific controls where gaps exist.
• Design and deliver ISMS awareness and role‑based training for Engineering, Facilities, OT and IT stakeholders.
• Plan and execute internal audits; track non‑conformities and corrective actions to closure.
• Prepare and support management reviews (inputs, metrics, KPIs, effectiveness evaluation).
• Coordinate the certification body engagement: certification readiness, audit logistics, on‑site support, responses to findings; build the surveillance audit calendar and handover plan.
• Orchestrate partners (systems integrators, OEMs, managed service providers) to deliver controls and evidence needed for certification.
• Establish interfaces with airport governance (safety, operations, physical security) and change management to ensure enduring compliance.
• Produce clear deliverables: current‑state gap report, risk register and RTP, updated ISMS library, audit pack, auditor playbook, training records, and a year‑by‑year surveillance roadmap.