
Senior GRC Analyst II, ISO 27001

Work from home Full-time role Hiring

About the position

The Senior GRC Analyst II – ISO 27001 will serve as a technical leader and subject matter expert focused on ISO 27001 readiness and certification engagements, with deep specialization in ISO 27001 compliance platforms and GRC tooling (e.g., Drata, Vanta, Secureframe, OneTrust, ServiceNow GRC, etc.). This role is responsible for leading complex ISO 27001 engagements from certification through certification maintenance, driving platform optimization for clients, and serving as a strategic auditor on ISMS design, control analysis, and automation. The Senior Analyst II combines strong technical knowledge of ISO 27001, ITGCs, and cloud environments with hands-on expertise configuring and managing compliance platforms to streamline evidence collection, continuous monitoring, and audit execution. This individual will lead multiple ISO 27001 engagements simultaneously, mentor junior team members, enhance ISO 27001 methodologies and platform integrations, and strengthen client relationships through proactive, insight-driven auditing. The role plays a critical part in scaling Sensiba’s ISO 27001 practice by improving efficiency, automation, and client experience. Only candidates in Ireland will be considered at this time.

Responsibilities

  • Lead ISO 27001 readiness engagements, Stage 1 / Stage 2 Certification audits, Surveillance audits, and Recertification audits in accordance with ISO/IEC 27001:2022.
  • Own engagement planning, scoping, timelines, client relationships, and execution across multiple concurrent ISO 27001 clients.
  • Audit clients on ISMS design, control selection, and implementation aligned to ISO 27001 Clauses and Annex A controls and organizational risk context.
  • Serve as an internal and external subject matter expert on GRC and compliance automation platforms (e.g., Drata, Vanta, Secureframe, OneTrust, or similar tools) in the context of ISO 27001.
  • Configure and optimize client platform environments, including:
      • ISO 27001 control mapping to Annex A and the organizational risk register
      • Evidence workflows and documentation management
      • Automated integrations (cloud providers, ticketing systems, HRIS, code repositories, etc.)
      • Continuous monitoring settings aligned to ISMS objectives
  • Review automated control outputs and exception reporting to ensure audit defensibility.
  • Identify opportunities to improve automation coverage and reduce manual evidence collection.
  • Partner with clients to mature their ISMS operations using platform analytics and reporting.
  • Review, document, and test IT general controls (logical access, change management, system operations) mapped to ISO 27001 Annex A domains.
  • Evaluate technical and organizational controls within SaaS, cloud-native, and hybrid environments.
  • Assess controls over infrastructure environments (AWS, Azure, GCP), identity management, and DevOps workflows in alignment with ISO 27001 requirements.
  • Validate evidence sufficiency and completeness within compliance platforms to support certification conclusions.
  • Support risk assessment and risk treatment processes central to ISMS implementation.
  • Serve as primary point of contact for ISO 27001 clients, including executive-level stakeholders.
  • Present audit findings, risk insights, and general advisory recommendations to client leadership.
  • Provide general advisory to high-growth SaaS and technology clients on building scalable, certification-ready ISMS programs.
  • Support sales and go-to-market efforts for ISO 27001 services, including scoping and technical input on proposals.
  • Mentor junior analysts on ISO 27001 methodology, platform navigation, and control testing best practices.
  • Contribute to the refinement of ISO 27001 templates, testing programs, risk assessment frameworks, and platform playbooks.
  • Identify efficiencies to standardize and scale ISO 27001 engagements across the practice.
  • Support training initiatives to elevate internal ISO 27001 platform expertise.

Requirements

  • 4+ years of experience in ISO 27001, IT audit, or GRC, preferably within public accounting or consulting.
  • Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field; advanced degree a plus.
  • Demonstrated experience leading ISO 27001 certification engagements (Stage 1 and Stage 2).
  • Hands-on experience administering or auditing within GRC/compliance automation platforms (e.g., Drata, Vanta, Secureframe, OneTrust, or similar) in an ISO 27001 context.
  • Deep understanding of:
      • ISO/IEC 27001:2022 standard and Annex A controls
      • ISMS risk assessment and risk treatment methodologies
      • IT General Controls (ITGCs)
      • Cloud environments (AWS, Azure, GCP)
      • SaaS operational environments
  • Experience reviewing automated evidence and continuous monitoring outputs in support of certification.
  • Strong client advisory and presentation skills, including executive-level communication.
  • Ability to manage multiple engagements in fast-paced, high-growth environments.

Nice-to-haves

  • Experience working with venture-backed or high-growth SaaS companies.
  • Familiarity with adjacent frameworks (SOC 2, NIST CSF, ISO 27001, ISO 27017/27018).
  • Experience with ISO 27001 internal auditor or lead auditor programs.
  • Professional certifications such as ISO 27001 Lead Auditor/Lead Implementer, CISA, CISSP, CISM, or CRISC.

Benefits

  • Comprehensive Health Coverage – Medical, dental, and vision.
  • Generous Paid Time Off – Vacation, sick time, holidays, parental leave and volunteer days.
  • Flexible Work Arrangements – Hybrid or remote options, flexible hours.
  • Performance-Based Bonus – Recognition for your contributions through discretionary bonuses.
  • Professional Development Opportunities – Tuition reimbursement, certifications, mentorship.
  • Career Growth & Internal Mobility – Clear paths for advancement and role transitions.
  • Inclusive & Supportive Culture – DEI initiatives, employee resource groups, wellness programs.
