Job Title: GRC Lead
Location: Remote
Duration: Long Term
Role Overview:
We are seeking a seasoned Governance, Risk, and Compliance (GRC) Consultant to lead our organization through the end-to-end process of achieving ISO/IEC 27001 certification. The ideal candidate will have a proven track record of designing, implementing, and maturing Information Security Management Systems (ISMS) in complex environments.
Key Responsibilities:
Gap Analysis: Conduct a comprehensive assessment of existing technical and administrative controls against ISO 27001:2022 requirements.
Risk Management: Lead formal Information Security Risk Assessments to identify, analyze, and treat organizational risks, ensuring the creation of a robust Risk Treatment Plan (RTP).
Documentation & Policy Design: Draft and refine the Statement of Applicability (SoA) and all mandatory ISMS policies, procedures, and records.
Control Implementation: Partner with IT, HR, and Legal teams to implement necessary security controls (e.g., access control, physical security, incident response).
Internal Audit: Execute a full pre-certification internal audit to ensure readiness and manage the remediation of any non-conformities.
Certification Liaison: Act as the primary point of contact for the external Certification Body during Stage 1 and Stage 2 audits.
Required Experience & Qualifications:
Direct Experience: Proven success in leading at least 2 to 3 organizations through successful initial ISO 27001 certification cycles.
Certifications: Must hold at least one of the following: ISO 27001 Lead Implementer.
Technical Literacy: Deep understanding of how GRC software (e.g., Vanta, Drata, OneTrust, or ServiceNow) integrates with ISMS workflows.
Project Management: Ability to manage timelines, stakeholder expectations, and cross-departmental "buy-in."