Department: Governance, Risk & Compliance
Location: Ireland
Description
The GRC Analyst III – ISO 27001 will support and execute ISO-based information security engagements, with an emphasis on ISO 27001 Information Security Management Systems (ISMS) implementation, readiness, and certification support. This role plays a key part in delivering ISO 27001, ISO 27701, and emerging standards such as ISO 42001 engagements, while also supporting SOC 2 assessments where appropriate. The Analyst III will lead core workstreams within engagements, perform detailed control testing, and guide clients through risk assessment, control implementation, and ISMS maturation. The ideal candidate understands that ISO 27001 is not just a checklist but a management system rooted in risk assessment, governance, continuous improvement, and organizational alignment. This role blends technical auditing, structured risk evaluation, and advisory support to help clients build sustainable, scalable compliance programs.
Key Responsibilities
ISO 27001 Engagement Execution
Execute ISO 27001 readiness and certification support engagements, including ISMS scoping, risk assessment review, and Annex A control evaluation.
Lead defined workstreams within ISO 27001/27701/42001 engagements under supervision of engagement leadership.
Review Statement of Applicability (SoA) documentation and evaluate control applicability and implementation.
Assess clients’ risk assessment methodologies to ensure alignment with ISO 27001 requirements.
Evaluate design and operating effectiveness of information security controls across business and IT environments.
Support clients preparing for Stage 1 and Stage 2 certification audits.
ISMS & Risk Management Support
Evaluate information security policies, procedures, and governance structures to ensure alignment with ISO management system principles.
Review and document enterprise and system-level risk assessments.
Assess risk treatment plans and monitor remediation progress.
Support internal audit programs aligned to ISO 27001 requirements.
Identify opportunities to improve continuous monitoring and performance measurement within the ISMS.
Control Testing & Technical Evaluation
Observe, review, document, and test:
Logical access controls
Change management processes
Vendor risk management
Security operations processes
Incident response controls
Review application and automated controls across client systems and SaaS platforms.
Assess cloud and hybrid infrastructure environments where applicable.
Support SOC 2 engagements as needed, particularly where ISO and SOC control environments overlap.
Client Advisory & Relationship Development
Develop working relationships with client stakeholders across security, IT, and compliance functions.
Communicate findings clearly, including risk implications and remediation recommendations.
Provide practical guidance on aligning security operations with ISO requirements.
Support clients in maturing governance and compliance programs beyond initial certification.
Skills, Knowledge and Expertise
Bachelor’s degree required (MIS, Information Systems, IT, Cybersecurity, or related field preferred).
2–4+ years of experience in IT audit, information security, or GRC.
Experience supporting ISO 27001 engagements, certification audits, or ISMS implementation efforts.
Working knowledge of:
ISO 27001 clauses and Annex A controls
Risk assessment and risk treatment methodologies
IT General Controls (ITGCs)
Information security principles and governance frameworks
Experience conducting control testing and documenting audit workpapers.
Strong written documentation skills and comfort drafting policy and ISMS-related documentation.
Experience working collaboratively within engagement teams.
Preferred but Not Required
ISO 27001 Lead Auditor or Lead Implementer certification.
Experience with ISO 27701 (privacy extension) or ISO 42001 (AI management systems).
Experience supporting SOC 2 engagements.
Familiarity with readiness/automation platforms (e.g., Drata, Vanta).
Relevant professional certifications such as CISA, CIPP, or similar.
Benefits
There are many reasons to join the Sensiba team: generous benefits, competitive compensation, professional advancement opportunities, and above all — our people. If you're looking for an environment that offers you growth, success, and professionalism without compromising your family, passions, and life outside of work, apply today!
Sensiba has a robust offering of benefits, including:
Comprehensive Health Coverage – Medical, dental, and vision.
Generous Paid Time Off – Vacation, sick time, holidays, parental leave and volunteer days.
Flexible Work Arrangements – Hybrid or remote options, flexible hours.
Performance-Based Bonus – Recognition for your contributions through discretionary bonuses.
Professional Development Opportunities – Tuition reimbursement, certifications, mentorship.
Career Growth & Internal Mobility – Clear paths for advancement and role transitions.
Inclusive & Supportive Culture – DEI initiatives, employee resource groups, wellness programs.