Project Manager

Location: Pittsburgh, PA

Job Type: Contract

The Project Manager role supports the company in achieving industry certification under ISO 27001. The primary responsibility of the Project Manager is the implementation of an ISO ISMS certification standard under the guidance of an external ISO consultant. This is a hands-on role in which the candidate must work with a combination of executives, technical and non-technical staff, vendors, third-party auditors and the external ISO consultant. The candidate will manage the ISO preparation, implementation and certification process and timeline, provide guidance, and act as the knowledge expert on the ISO 27001 project. The role serves as the primary interface with internal and external IT and business team members, and assists with the development and maintenance of the ISO framework, policies and documentation for the company. The Project Manager will work with the team to identify gaps in existing security controls while ensuring alignment with industry standards, and will work internally with IT to develop documentation while embedding compliance requirements into the end-to-end IT management processes. This role acts as a business enabler for IT, helping to shepherd and embed security and compliance in the environment. Previous project experience assisting with regulatory compliance for audits, risk scoring, security controls assessments, or security compliance activities is a must. After the initial implementation, the focus of the role may expand to extend the scope of the standard into other areas of the business. The Project Manager must possess the temperament to keep a project on track in a climate of various stakeholders and external vendors who face numerous high-priority demands on their time and energy. Exceptional communication, negotiation, and conflict resolution skills are a necessity.

Responsibilities:

  • Serve as the ISO 27001 certification Project Manager and assist with audit preparation
  • Provide guidance and direction on ISO 27001, and act as knowledge expert on the project
  • Serve as the primary interface with internal and external IT and business team members and third-party auditors
  • Develop and maintain the ISO framework, policies and documentation for the company
  • Manage the ISO preparation, implementation and certification process and timeline
  • Negotiate with internal stakeholders to meet project timeline and deliverables
  • Manage the timeframe and deliverables for the ISO certification process
  • Train and act as an advocate for ISO best practices within the organization
  • Lead the preparation and implementation of necessary information security policies, standards, procedures and guidelines, and obtain appropriate approvals and feedback
  • Manage and lead the design and operation of related compliance monitoring and improvement activities to ensure compliance with internal security policies and with applicable laws and regulations
  • Support suitable information security awareness, training and educational activities
  • Manage information security risk assessments and controls selection activities
  • Liaise with, and offer strategic direction to, related governance functions (such as Risk Management, IT, HR, Legal and Compliance) and senior and middle managers throughout the organization as necessary
  • Maintain knowledge of relevant standards and references and incorporate into business practices, policies, and compliance frameworks
  • Assist in the definition of project scope and objectives, involving all relevant stakeholders
  • Use project management principles to provide leadership, management, and direction to project teams to ensure successful delivery of objectives within the budgetary and timing constraints of the project
  • Develop detailed project plan(s) to monitor and track progress
  • Control the project scope, timeline, cost, quality, and risks
  • Measure project performance using appropriate tools and techniques
  • Drive the meeting cadence required to achieve and maintain readiness for a successful internal/external third-party audit
  • Manage progress of the project and team, and monitor and manage schedules while maintaining the level of quality required for compliance/audit
  • Facilitate efficient communication across all levels of a project to ensure consistency in reaching the project's goals, and to help in the recognition of any potential opportunities, risks, or complications
  • Drive cross-functional groups to solve problems across projects
  • Hold business owners accountable for timely and quality execution of assigned tasks
  • Perform risk management to minimize project risks: identify, track, mitigate, and resolve risks and issues
  • Present recommendations, options, opportunities, and assumptions to leadership
  • Maintain internal documents for assigned compliance programs covering scope, governance, FAQs, security and operational documentation

Education & Experience:

  • 7+ years of project management experience with complex security, regulatory and/or information system projects
  • Experience interfacing with external auditors (such as PwC, Deloitte, KPMG) to meet audit requirements and satisfy compliance
  • Certifications: Project Management Professional (PMP) desired
  • Knowledge of one or more standards (ISO 27001, PCI-DSS, SOX, HIPAA, FISMA, etc.)
  • Able to manage a cross-functional team to meet compliance and audit requirements
  • Outstanding record of project and program management success, including establishing schedules, tracking progress, mitigating risk, achieving results and use of professional, repeatable methodology
  • Must possess strong analytical skills, be highly organized, and detail oriented
  • Dynamic, flexible, and able to thrive in a fast-paced environment
  • Self-directed and able to own and deliver on commitments
  • Able to collaborate effectively with individuals at all levels within the company
  • Able to lead diverse and matrixed teams (employees, consultants, vendors) and to distribute, assign, and ensure completion of work without direct management authority