Expert Advice Community

Management representative for ISO 27001

Created: Nov 12, 2016 Last commented: Nov 14, 2016

MR is not a requirement of ISO 27001, but I would like to assign one who will be most suitable for it. I have a security consultant who is mainly responsible for the complete 27001, and I have a security specialist; both report to the CISO, and most of the CISO activities are being delegated to the infosec consultant.

Expert
Rhand Leal Nov 14, 2016

Thank you for your question.

Please find my answers below:

To decide among your options (infosec consultant, security specialist and CISO) who would be the most suitable person for the role of ISO 27001 MR, you must consider who currently has the responsibility and authority to: 1) Ensure the ISMS conforms with ISO 27001:2013; and 2) Report the ISMS performance to top management. Besides that, you also should consider their knowledge about the business processes and their interpersonal skills. While the first two items will ensure your MR role conforms with ISO 27001:2013 clause 5.3 (organizational roles, responsibilities and authorities), the last two will help the MR to work better towards integrating information security with the business and managing the commitment of the interested parties.

These articles will provide you further explanation about defining the MR for ISO 27001:
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/

These materials will also help you regarding defining the MR for ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Feel free to contact us for any further assistance.
