Senior GRC Analyst II, ISO 27001

 Posted an hour ago
  
 Sweden
  
5-10 years experience

AI Summary

Lead ISO 27001 readiness and certification engagements, managing the full lifecycle from design to maintenance. Configure and optimize GRC automation platforms to streamline evidence collection and continuous monitoring for clients.

Department: Governance, Risk & Compliance

Employment Type: Full Time

Location: Ireland



Description

The Senior GRC Analyst II – ISO 27001 will serve as a technical leader and subject matter expert focused on ISO 27001 readiness and certification engagements, with deep specialization in ISO 27001 compliance platforms and GRC tooling (e.g., Drata, Vanta, Secureframe, OneTrust, ServiceNow GRC, etc.).

This role is responsible for leading complex ISO 27001 engagements from certification through certification maintenance, driving platform optimization for clients, and serving as a strategic auditor on ISMS design, control analysis, and automation. The Senior Analyst II combines strong technical knowledge of ISO 27001, ITGCs, and cloud environments with hands-on expertise configuring and managing compliance platforms to streamline evidence collection, continuous monitoring, and audit execution.

This individual will lead multiple ISO 27001 engagements simultaneously, mentor junior team members, enhance ISO 27001 methodologies and platform integrations, and strengthen client relationships through proactive, insight-driven auditing. The role plays a critical part in scaling Sensiba’s ISO 27001 practice by improving efficiency, automation, and client experience.

Only candidates in Ireland will be considered at this time.


Key Responsibilities

ISO 27001 Engagement Leadership
  • Lead ISO 27001 readiness engagements, Stage 1 / Stage 2 Certification audits, Surveillance audits, and Recertification audits in accordance with ISO/IEC 27001:2022.
  • Own engagement planning, scoping, timelines, client relationships, and execution across multiple concurrent ISO 27001 clients.
  • Audit clients on ISMS design, control selection, and implementation aligned to ISO 27001 Clauses and Annex A controls and organizational risk context.

Platform Administration & Automation
  • Serve as an internal and external subject matter expert on GRC and compliance automation platforms (e.g., Drata, Vanta, Secureframe, OneTrust, or similar tools) in the context of ISO 27001.
  • Configure and optimize client platform environments, including:
    • ISO 27001 control mapping to Annex A and organizational risk register
    • Evidence workflows and documentation management
    • Automated integrations (cloud providers, ticketing systems, HRIS, code repositories, etc.)
    • Continuous monitoring settings aligned to ISMS objectives
  • Review automated control outputs and exception reporting to ensure audit defensibility.
  • Identify opportunities to improve automation coverage and reduce manual evidence collection.
  • Partner with clients to mature their ISMS operations using platform analytics and reporting.

Technical Control Assessment
  • Review, document, and test IT general controls (logical access, change management, system operations) mapped to ISO 27001 Annex A domains.
  • Evaluate technical and organizational controls within SaaS, cloud-native, and hybrid environments.
  • Assess controls over infrastructure environments (AWS, Azure, GCP), identity management, and DevOps workflows in alignment with ISO 27001 requirements.
  • Validate evidence sufficiency and completeness within compliance platforms to support certification conclusions.
  • Support risk assessment and risk treatment processes central to ISMS implementation.

Client Advisory & Relationship Management
  • Serve as primary point of contact for ISO 27001 clients, including executive-level stakeholders.
  • Present audit findings, risk insights, and general advisory recommendations to client leadership.
  • Provide general advisory to high-growth SaaS and technology clients on building scalable, certification-ready ISMS programs.
  • Support sales and go-to-market efforts for ISO 27001 services, including scoping and technical input on proposals.

Practice Development & Mentorship
  • Mentor junior analysts on ISO 27001 methodology, platform navigation, and control testing best practices.
  • Contribute to the refinement of ISO 27001 templates, testing programs, risk assessment frameworks, and platform playbooks.
  • Identify efficiencies to standardize and scale ISO 27001 engagements across the practice.
  • Support training initiatives to elevate internal ISO 27001 platform expertise.




Skills, Knowledge & Expertise

  • 4+ years of experience in ISO 27001, IT audit, or GRC, preferably within public accounting or consulting.
  • Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field; advanced degree a plus.
  • Demonstrated experience leading ISO 27001 certification engagements (Stage 1 and Stage 2).
  • Hands-on experience administering or auditing within GRC/compliance automation platforms (e.g., Drata, Vanta, Secureframe, OneTrust, or similar) in an ISO 27001 context.
  • Deep understanding of:
    • ISO/IEC 27001:2022 standard and Annex A controls
    • ISMS risk assessment and risk treatment methodologies
    • IT General Controls (ITGCs)
    • Cloud environments (AWS, Azure, GCP)
    • SaaS operational environments
  • Experience reviewing automated evidence and continuous monitoring outputs in support of certification.
  • Strong client advisory and presentation skills, including executive-level communication.
  • Ability to manage multiple engagements in fast-paced, high-growth environments.

Preferred:
  • Experience working with venture-backed or high-growth SaaS companies.
  • Familiarity with adjacent frameworks (SOC 2, NIST CSF, ISO 27701, ISO 27017/27018).
  • Experience with ISO 27001 internal auditor or lead auditor programs.
  • Professional certifications such as ISO 27001 Lead Auditor/Lead Implementer, CISA, CISSP, CISM, or CRISC.



Benefits

There are many reasons to join the Sensiba team: generous benefits, competitive compensation, professional advancement opportunities, and above all — our people. If you're looking for an environment that offers you growth, success, and professionalism without compromising your family, passions, and life outside of work, apply today! 

Sensiba has a robust offering of benefits, including:  
  • Comprehensive Health Coverage – Medical, dental, and vision.
  • Generous Paid Time Off – Vacation, sick time, holidays, parental leave and volunteer days.
  • Flexible Work Arrangements – Hybrid or remote options, flexible hours.
  • Performance-Based Bonus – Recognition for your contributions through discretionary bonuses.
  • Professional Development Opportunities – Tuition reimbursement, certifications, mentorship.
  • Career Growth & Internal Mobility – Clear paths for advancement and role transitions.
  • Inclusive & Supportive Culture – DEI initiatives, employee resource groups, wellness programs.
