Sensiba LLP

Senior GRC Analyst II, ISO 27001

Senior GRC Analyst II leading ISO 27001 compliance engagements and platform optimizations for clients. Mentoring junior team members to enhance ISO 27001 practices with Sensiba.

Posted 6/22/2026 • full-time • Remote • 🇮🇪 Ireland • Senior

Tech Stack

Tools & technologies
AWS, Azure, Cloud, Google Cloud Platform

About the role

Key responsibilities & impact
  • Lead ISO 27001 readiness engagements, Stage 1 / Stage 2 Certification audits, Surveillance audits, and Recertification audits in accordance with ISO/IEC 27001:2022.
  • Own engagement planning, scoping, timelines, client relationships, and execution across multiple concurrent ISO 27001 clients.
  • Audit clients on ISMS design, control selection, and implementation aligned to ISO 27001 Clauses and Annex A controls and organizational risk context.
  • Serve as an internal and external subject matter expert on GRC and compliance automation platforms (e.g., Drata, Vanta, Secureframe, OneTrust, or similar tools) in the context of ISO 27001.
  • Configure and optimize client platform environments, including:
      - ISO 27001 control mapping to Annex A and organizational risk register
      - Evidence workflows and documentation management
      - Automated integrations (cloud providers, ticketing systems, HRIS, code repositories, etc.)
      - Continuous monitoring settings aligned to ISMS objectives
  • Review automated control outputs and exception reporting to ensure audit defensibility.
  • Identify opportunities to improve automation coverage and reduce manual evidence collection.
  • Partner with clients to mature their ISMS operations using platform analytics and reporting.
  • Review, document, and test IT general controls (logical access, change management, system operations) mapped to ISO 27001 Annex A domains.
  • Evaluate technical and organizational controls within SaaS, cloud-native, and hybrid environments.
  • Assess controls over infrastructure environments (AWS, Azure, GCP), identity management, and DevOps workflows in alignment with ISO 27001 requirements.
  • Validate evidence sufficiency and completeness within compliance platforms to support certification conclusions.
  • Support risk assessment and risk treatment processes central to ISMS implementation.
  • Serve as primary point of contact for ISO 27001 clients, including executive-level stakeholders.
  • Present audit findings, risk insights, and general advisory recommendations to client leadership.
  • Provide general advisory to high-growth SaaS and technology clients on building scalable, certification-ready ISMS programs.
  • Support sales and go-to-market efforts for ISO 27001 services, including scoping and technical input on proposals.
  • Mentor junior analysts on ISO 27001 methodology, platform navigation, and control testing best practices.
  • Contribute to the refinement of ISO 27001 templates, testing programs, risk assessment frameworks, and platform playbooks.
  • Identify efficiencies to standardize and scale ISO 27001 engagements across the practice.
  • Support training initiatives to elevate internal ISO 27001 platform expertise.

Requirements

What you’ll need
  • 4+ years of experience in ISO 27001, IT audit, or GRC, preferably within public accounting or consulting.
  • Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field; advanced degree a plus.
  • Demonstrated experience leading ISO 27001 certification engagements (Stage 1 and Stage 2).
  • Hands-on experience administering or auditing within GRC/compliance automation platforms (e.g., Drata, Vanta, Secureframe, OneTrust, or similar) in an ISO 27001 context.
  • Deep understanding of:
      - ISO/IEC 27001:2022 standard and Annex A controls
      - ISMS risk assessment and risk treatment methodologies
      - IT General Controls (ITGCs)
      - Cloud environments (AWS, Azure, GCP)
      - SaaS operational environments
  • Experience reviewing automated evidence and continuous monitoring outputs in support of certification.
  • Strong client advisory and presentation skills, including executive-level communication.
  • Ability to manage multiple engagements in fast-paced, high-growth environments.
Preferred:
  • Experience working with venture-backed or high-growth SaaS companies.
  • Familiarity with adjacent frameworks (SOC 2, NIST CSF, ISO 27701, ISO 27017/27018).
  • Experience with ISO 27001 internal auditor or lead auditor programs.
  • Professional certifications such as ISO 27001 Lead Auditor/Lead Implementer, CISA, CISSP, CISM, or CRISC.

Benefits

Comp & perks
There are many reasons to join the Sensiba team: generous benefits, competitive compensation, professional advancement opportunities, and above all — our people. If you're looking for an environment that offers you growth, success, and professionalism without compromising your family, passions, and life outside of work, apply today!

Sensiba has a robust offering of benefits, including:
  • **Comprehensive Health Coverage** – Medical, dental, and vision.
  • **Generous Paid Time Off** – Vacation, sick time, holidays, parental leave and volunteer days.
  • **Flexible Work Arrangements** – Hybrid or remote options, flexible hours.
  • **Performance-Based Bonus** – Recognition for your contributions through discretionary bonuses.
  • **Professional Development Opportunities** – Tuition reimbursement, certifications, mentorship.
  • **Career Growth & Internal Mobility** – Clear paths for advancement and role transitions.
  • **Inclusive & Supportive Culture** – DEI initiatives, employee resource groups, wellness programs.

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
ISO 27001, IT audit, GRC, ISMS, IT General Controls, cloud environments, SaaS, risk assessment, risk treatment, compliance automation
Soft Skills
client advisory, presentation skills, executive-level communication, engagement management, mentoring, organizational skills, analytical skills, problem-solving, collaboration, time management
Certifications
ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, CISA, CISSP, CISM, CRISC