I'm building up the ISMS and I requested some positions in my company to sign an NDA in the ISMS, but I don't know exactly who has to sign the NDA (e.g. Director, CSO, Security Representative, etc.). If I'm the boss, do I have to sign an NDA?
To answer your question directly, only those employees where the risks are higher should sign the NDA - it can also include you as their boss if there are risks that need to be decreased using this control. Therefore, first do your risk assessment and then decide who needs to sign the NDA.