Senior GRC Analyst II, ISO 27001

🔥 2 hours ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Sensiba LLP

WebsiteLinkedInAll Job Openings

501 - 1000 employees

🤝 B2B

📋 Compliance

🔒 Cybersecurity

B2B • Compliance • Cybersecurity

Sensiba LLP is a U. S. -based accounting and business consulting firm that provides audit & assurance, tax, consulting, governance, risk & compliance (GRC), cybersecurity assessments (including penetration testing), software advisory, and sustainability/ESG services. The firm serves mid-market and enterprise clients across industries such as technology, venture capital, real estate, construction, manufacturing, agribusiness, hospitality, and local government. As a Certified B Corporation, Sensiba emphasizes people-first culture, social and environmental impact, and technical expertise to help organizations manage risk, achieve compliance, and support sustainable growth.

📋 Description

• Lead ISO 27001 readiness engagements, Stage 1 / Stage 2 Certification audits, Surveillance audits, and Recertification audits in accordance with ISO/IEC 27001:2022. • Own engagement planning, scoping, timelines, client relationships, and execution across multiple concurrent ISO 27001 clients. • Audit clients on ISMS design, control selection, and implementation aligned to ISO 27001 Clauses and Annex A controls and organizational risk context. • **** • Serve as an internal and external subject matter expert on GRC and compliance automation platforms (e.g., Drata, Vanta, Secureframe, OneTrust, or similar tools) in the context of ISO 27001. • Configure and optimize client platform environments, including: • - ISO 27001 control mapping to Annex A and organizational risk register • - Evidence workflows and documentation management • - Automated integrations (cloud providers, ticketing systems, HRIS, code repositories, etc.) • - Continuous monitoring settings aligned to ISMS objectives • Review automated control outputs and exception reporting to ensure audit defensibility. • Identify opportunities to improve automation coverage and reduce manual evidence collection. • Partner with clients to mature their ISMS operations using platform analytics and reporting. • Review, document, and test IT general controls (logical access, change management, system operations) mapped to ISO 27001 Annex A domains. • Evaluate technical and organizational controls within SaaS, cloud-native, and hybrid environments. • Assess controls over infrastructure environments (AWS, Azure, GCP), identity management, and DevOps workflows in alignment with ISO 27001 requirements. • Validate evidence sufficiency and completeness within compliance platforms to support certification conclusions. • Support risk assessment and risk treatment processes central to ISMS implementation. • Serve as primary point of contact for ISO 27001 clients, including executive-level stakeholders. • Present audit findings, risk insights, and general advisory recommendations to client leadership. • Provide general advisory to high-growth SaaS and technology clients on building scalable, certification-ready ISMS programs. • Support sales and go-to-market efforts for ISO 27001 services, including scoping and technical input on proposals. • Mentor junior analysts on ISO 27001 methodology, platform navigation, and control testing best practices. • Contribute to the refinement of ISO 27001 templates, testing programs, risk assessment frameworks, and platform playbooks. • Identify efficiencies to standardize and scale ISO 27001 engagements across the practice. • Support training initiatives to elevate internal ISO 27001 platform expertise. • **

🎯 Requirements

• 4+ years of experience in ISO 27001, IT audit, or GRC, preferably within public accounting or consulting. • Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field; advanced degree a plus. • Demonstrated experience leading ISO 27001 certification engagements (Stage 1 and Stage 2). • Hands-on experience administering or auditing within GRC/compliance automation platforms (e.g., Drata, Vanta, Secureframe, OneTrust, or similar) in an ISO 27001 context. • Deep understanding of: • - ISO/IEC 27001:2022 standard and Annex A controls • - ISMS risk assessment and risk treatment methodologies • - IT General Controls (ITGCs) • - Cloud environments (AWS, Azure, GCP) • - SaaS operational environments • Experience reviewing automated evidence and continuous monitoring outputs in support of certification. • Strong client advisory and presentation skills, including executive-level communication. • Ability to manage multiple engagements in fast-paced, high-growth environments. • **Preferred:** • Experience working with venture-backed or high-growth SaaS companies. • Familiarity with adjacent frameworks (SOC 2, NIST CSF, ISO 27701, ISO 27017/27018). • Experience with ISO 27001 internal auditor or lead auditor programs. • Professional certifications such as ISO 27001 Lead Auditor/Lead Implementer, CISA, CISSP, CISM, or CRISC.

🏖️ Benefits

• There are many reasons to join the Sensiba team: generous benefits, competitive compensation, professional advancement opportunities, and above all — our people. If you're looking for an environment that offers you growth, success, and professionalism without compromising your family, passions, and life outside of work, apply today! **** • Sensiba has a robust offering of benefits, including: • - **Comprehensive Health Coverage** – Medical, dental, and vision. • - **Generous Paid Time Off **– Vacation, sick time, holidays, parental leave and volunteer days. • - **Flexible Work Arrangements** – Hybrid or remote options, flexible hours. • - **Performance-Based Bonus** – Recognition for your contributions through discretionary bonuses. • - **Professional Development Opportunities** – Tuition reimbursement, certifications, mentorship. • - **Career Growth & Internal Mobility** – Clear paths for advancement and role transitions. • - **Inclusive & Supportive Culture** – DEI initiatives, employee resource groups, wellness programs.