Role Overview
- Lead ISO 27001 readiness engagements, Stage 1 / Stage 2 Certification audits, Surveillance audits, and Recertification audits in accordance with ISO/IEC 27001:2022.
- Own engagement planning, scoping, timelines, client relationships, and execution across multiple concurrent ISO 27001 clients.
- Audit clients on ISMS design, control selection, and implementation aligned to ISO 27001 Clauses and Annex A controls and organizational risk context.
- Serve as an internal and external subject matter expert on GRC and compliance automation platforms (e.g., Drata, Vanta, Secureframe, OneTrust, or similar tools) in the context of ISO 27001.
- Configure and optimize client platform environments, including:
  - ISO 27001 control mapping to Annex A and organizational risk register
  - Evidence workflows and documentation management
  - Automated integrations (cloud providers, ticketing systems, HRIS, code repositories, etc.)
  - Continuous monitoring settings aligned to ISMS objectives
- Review automated control outputs and exception reporting to ensure audit defensibility.
- Identify opportunities to improve automation coverage and reduce manual evidence collection.
- Partner with clients to mature their ISMS operations using platform analytics and reporting.
- Review, document, and test IT general controls (logical access, change management, system operations) mapped to ISO 27001 Annex A domains.
- Evaluate technical and organizational controls within SaaS, cloud-native, and hybrid environments.
- Assess controls over infrastructure environments (AWS, Azure, GCP), identity management, and DevOps workflows in alignment with ISO 27001 requirements.
- Validate evidence sufficiency and completeness within compliance platforms to support certification conclusions.
- Support risk assessment and risk treatment processes central to ISMS implementation.
- Serve as primary point of contact for ISO 27001 clients, including executive-level stakeholders.
- Present audit findings, risk insights, and general advisory recommendations to client leadership.
- Provide general advisory to high-growth SaaS and technology clients on building scalable, certification-ready ISMS programs.
- Support sales and go-to-market efforts for ISO 27001 services, including scoping and technical input on proposals.
- Mentor junior analysts on ISO 27001 methodology, platform navigation, and control testing best practices.
- Contribute to the refinement of ISO 27001 templates, testing programs, risk assessment frameworks, and platform playbooks.
- Identify efficiencies to standardize and scale ISO 27001 engagements across the practice.
- Support training initiatives to elevate internal ISO 27001 platform expertise.
Requirements
- 4+ years of experience in ISO 27001, IT audit, or GRC, preferably within public accounting or consulting.
- Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field; advanced degree a plus.
- Demonstrated experience leading ISO 27001 certification engagements (Stage 1 and Stage 2).
- Hands-on experience administering or auditing within GRC/compliance automation platforms (e.g., Drata, Vanta, Secureframe, OneTrust, or similar) in an ISO 27001 context.
- Deep understanding of:
  - ISO/IEC 27001:2022 standard and Annex A controls
  - ISMS risk assessment and risk treatment methodologies
  - IT General Controls (ITGCs)
  - Cloud environments (AWS, Azure, GCP)
  - SaaS operational environments
- Experience reviewing automated evidence and continuous monitoring outputs in support of certification.
- Strong client advisory and presentation skills, including executive-level communication.
- Ability to manage multiple engagements in fast-paced, high-growth environments.
Preferred:
- Experience working with venture-backed or high-growth SaaS companies.
- Familiarity with adjacent frameworks (SOC 2, NIST CSF, ISO 27701, ISO 27017/27018).
- Experience with ISO 27001 internal auditor or lead auditor programs.
- Professional certifications such as ISO 27001 Lead Auditor/Lead Implementer, CISA, CISSP, CISM, or CRISC.
Tech Stack
- AWS
- Azure
- Cloud
- Google Cloud Platform
Benefits
There are many reasons to join the Sensiba team: generous benefits, competitive compensation, professional advancement opportunities, and above all — our people. If you're looking for an environment that offers you growth, success, and professionalism without compromising your family, passions, and life outside of work, apply today!
Sensiba has a robust offering of benefits, including:
- Comprehensive Health Coverage – Medical, dental, and vision.
- Generous Paid Time Off – Vacation, sick time, holidays, parental leave and volunteer days.
- Flexible Work Arrangements – Hybrid or remote options, flexible hours.
- Performance-Based Bonus – Recognition for your contributions through discretionary bonuses.
- Professional Development Opportunities – Tuition reimbursement, certifications, mentorship.
- Career Growth & Internal Mobility – Clear paths for advancement and role transitions.
- Inclusive & Supportive Culture – DEI initiatives, employee resource groups, wellness programs.