Information Security Management System Lead

Job description

**We are Generac, a leading energy technology company committed to powering a smarter world.**

Over the 60 plus years of Generac’s history, we’ve been dedicated to energy innovation.

From creating the home standby generator market category, to our current evolution into an energy technology solutions company, we continue to push new boundaries.

The ISMS Lead coordinates and maintains the daily operations of the Information Security Management System (ISMS) Program, ensuring compliance with ISO27001 and alignment with Generac’s broader cybersecurity and compliance frameworks.

The ISMS lead is the central point of contact for cross-functional control owners, capability teams, and audit stakeholders—supporting evidence collection, risk and control tracking, and the orchestration of ISMS-related deliverables across both internal ISMS assessments and external ISO27001 audits.

The ISMS Lead drives operational excellence through governance coordination, audit readiness, and performance monitoring.

This includes facilitating working groups, tracking the Statement of Applicability (SoA), risk register updates, and corrective action plans.

The role supports both corporate and subsidiary teams in implementing and sustaining ISMS requirements, helping to foster a culture of compliance and continuous improvement across the organization.

**Major Responsibilities**

+ Coordinates the day-to-day operations of the Information Security Management System (ISMS), ensuring alignment with ISO27001 and Generac’s unified governance and compliance frameworks
+ Maintains the GRC platform, supporting timely delivery of compliance activities across policy owners, control implementers, and evidence contributors
+ Facilitates internal ISMS assessments, committee meetings, and working group sessions by preparing agendas, tracking action items, and reporting compliance progress
+ Supports capability teams, subsidiaries, and control owners by clarifying implementation expectations, audit documentation needs, and evidence quality standards
+ Tracks and manages the lifecycle of risks, controls, and corrective actions, including updates to the risk register and the Statement of Applicability (SoA)
+ Coordinate ISMS readiness efforts in preparation for external ISO27001 audits or other applicable certification assessments
+ Develops and refines ISMS-related documentation, including procedures, guidelines, control narratives, and support materials
+ Maintains dashboards and performance metrics related to audit readiness, non-conformity closure, and risk treatment activities
+ Identifies bottlenecks, overdue tasks, and control misalignments, escalating as needed to the IT GRC Capability Manager or Director of InfoSec
+ Ensures consistent version control, evidence traceability, and document quality across all submissions in support of audits or assessments
+ Collaborates with Capability Teams and subsidiaries to ensure control implementation aligns with policy and framework expectations
+ Monitors developments in ISO27001:2022, privacy regulations, and industry best practices to continuously improve the ISMS model and processes
+ Supports onboarding and enablement of new ISMS participants, including training on stakeholder roles, tool usage, and evidence responsibilities
+ Coordinates internal evidence gathering for ISMS assessments and external audits, including document requests, stakeholder interviews, and audit walkthrough preparation

**Minimum Job Requirements**

**Education**

+ Bachelor’s Degree with Information Technology focus, or equivalent experience

**Work Experience**

+ 5 years experience in Information Security Management Systems or Cyber Security.
+ Proven experience supporting or coordinating ISO27001 compliance or certification efforts.
+ Experience working within a multi-framework compliance program (e.g., ISO27001, NIST, SOC 2, PCI, GDPR).
+ Understanding of risk assessment methodologies, control mapping, and evidence management practices.
+ Experience with GRC platforms, able to apply prior learnings to new GRC tools.
+ Experience with cross functional coordination, providing guidance to teams across IT and business functions

**Knowledge / Skills / Abilities**

+ Familiarity with cloud service models and control responsibilities in SaaS/PaaS/IaaS environments
+ Strong coordination, documentation, and communication skills for multi-stakeholder collaboration
+ Familiarity with unified control framework initiatives or crosswalks across security and privacy standards
+ Understanding of how compliance maps to internal business processes and capability team structures
+ Ability to coordinate evidence requests, policy updates, and SoA changes in a dynamic environment
+ Experience maintaining compliance metrics, dashboards, or remediation tracking reports
+ Knowledge of key control areas such as access control, data protection, vulnerability management, and incident response

**Preferred Job Requirements**

**Certification / License**

+ Certifications preferred: ISO27001 Lead Implementer or Auditor, CISA, CISSP, CISM, or SCF Certified Practitioner

**Great Reasons to work for Generac**

+ Competitive Benefits: Health, Dental, Vision, 401k and many more
+ Pride! When a storm strikes, Generac employees always rise to the occasion.

Each time a storm hits, many employees volunteer their time with the customer support team or on the production line, while others go right into storm-affected areas to repair generators
+ Make a positive impact.

Generac has always been community-minded and dedicated to giving back.

The company proudly offers a Volunteer Time Off program, inviting team members to participate in charitable volunteer opportunities on company time.
+ We’re an inclusive company that celebrates differences and keeps equity and respect at the forefront.

**Compensation:** Generac is committed to fair and equitable compensation practices.

The salary range for this role when based in Colorado or California is $120,000 to $150,000.

This compensation will ultimately be in line with the location in which the position is filled.

Final compensation for this role will be determined by various factors such as a candidate’s relevant work experience, skills, certifications, and geographic location.

**Physical Demands** : While performing the duties of this job, the employee is regularly required to talk and hear; and use hands to manipulate objects or controls.

The employee is regularly required to stand and walk.

On occasion the incumbent may be required to stoop, bend or reach above the shoulders.

The employee must occasionally lift up to 25 - 50 pounds.

Specific conditions of this job are typical of frequent and continuous computer-based work requiring periods of sitting, close vision and ability to adjust focus.

Occasional travel.

_“We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability status, protected veteran status, or any other characteristic protected by law.”_

Over the 60 plus years of Generac’s history, we’ve been dedicated to energy innovation.

From creating the home standby generator market category, to our current evolution into an energy technology solutions company, we continue to push new boundaries.

As one of the leaders and largest suppliers of power generation equipment and technology, the work we do touches millions of lives.

Employees at Generac are encouraged to be innovative and are valued as an integral part of our global team.

Our challenging goals develop knowledgeable employees dedicated to helping continue Generac’s success.

Generac provides individuals the opportunity to work in a fast-paced agile work environment where their work makes a difference in people’s lives and their own.

Required Skill Profession

Other General