ISO 27001 expert to take SaaS company from zero to certification using open-source GRC platform
6 hours ago

Job description
We are a SaaS company starting from zero and preparing for ISO 27001 certification from the ground up.
We are looking for a hands-on ISO 27001 expert who can set up a complete ISMS quickly and cost-effectively using an open-source GRC or ISMS platform such as Eramba, verinice, or a comparable solution.
The platform must include structured ISO 27001 templates, and you must know how to use and adapt those templates to our real company situation.
The ISO 27001 certification will be conducted by an accredited certification body under UKAS or DAkkS. Your responsibility is to take us from zero to successful Stage 2 audit readiness.
This includes defining the exact ISMS scope, performing a full gap analysis, establishing risk assessment and risk treatment processes, implementing Annex A controls, setting up required documentation, internal audit, management review, and corrective action processes, and preparing the entire organization for certification.
You must be able to translate ISO 27001:2022 requirements into operational processes inside the selected open-source platform and adjust documentation to match both the standard and the company's actual setup.
You are also expected to define the certification scope clearly, communicate with certification bodies, and support selecting and negotiating pricing with the auditing company that will perform Stage 1 and Stage 2 audits.
We require proven experience taking at least one SaaS company from zero to ISO 27001 certification, deep hands-on expertise with at least one open-source ISO 27001 platform, and direct involvement in Stage 1 and Stage 2 audits.
Mandatory skills:
ISO 27001, GDPR Compliance Review, Information Security, Network Security, Compliance Consultation, Risk Assessment, IT Compliance Audit, GDPR, SaaS