Senior GRC Analyst II, ISO 27001

Sensiba

4d•Hybrid

About The Position

The Senior GRC Analyst II – ISO 27001 will serve as a technical leader and subject matter expert focused on ISO 27001 readiness and certification engagements, with deep specialization in ISO 27001 compliance platforms and GRC tooling (e.g., Drata, Vanta, Secureframe, OneTrust, ServiceNow GRC, etc.). This role is responsible for leading complex ISO 27001 engagements from certification through certification maintenance, driving platform optimization for clients, and serving as a strategic auditor on ISMS design, control analysis, and automation. The Senior Analyst II combines strong technical knowledge of ISO 27001, ITGCs, and cloud environments with hands-on expertise configuring and managing compliance platforms to streamline evidence collection, continuous monitoring, and audit execution. This individual will lead multiple ISO 27001 engagements simultaneously, mentor junior team members, enhance ISO 27001 methodologies and platform integrations, and strengthen client relationships through proactive, insight-driven auditing. The role plays a critical part in scaling Sensiba’s ISO 27001 practice by improving efficiency, automation, and client experience. Only candidates in Ireland will be considered at this time.

Requirements

4+ years of experience in ISO 27001, IT audit, or GRC, preferably within public accounting or consulting.
Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field; advanced degree a plus.
Demonstrated experience leading ISO 27001 certification engagements (Stage 1 and Stage 2).
Hands-on experience administering or auditing within GRC/compliance automation platforms (e.g., Drata, Vanta, Secureframe, OneTrust, or similar) in an ISO 27001 context.
Deep understanding of: ISO/IEC 27001:2022 standard and Annex A controls, ISMS risk assessment and risk treatment methodologies, IT General Controls (ITGCs), Cloud environments (AWS, Azure, GCP), SaaS operational environments.
Experience reviewing automated evidence and continuous monitoring outputs in support of certification.
Strong client advisory and presentation skills, including executive-level communication.
Ability to manage multiple engagements in fast-paced, high-growth environments.

Nice To Haves

Experience working with venture-backed or high-growth SaaS companies.
Familiarity with adjacent frameworks (SOC 2, NIST CSF, ISO 27001, ISO 27017/27018).
Experience with ISO 27001 internal auditor or lead auditor programs.
Professional certifications such as ISO 27001 Lead Auditor/Lead Implementer, CISA, CISSP, CISM, or CRISC.

Responsibilities

Lead ISO 27001 readiness engagements, Stage 1 / Stage 2 Certification audits, Surveillance audits, and Recertification audits in accordance with ISO/IEC 27001:2022.
Own engagement planning, scoping, timelines, client relationships, and execution across multiple concurrent ISO 27001 clients.
Audit clients on ISMS design, control selection, and implementation aligned to ISO 27001 Clauses and Annex A controls and organizational risk context.
Serve as an internal and external subject matter expert on GRC and compliance automation platforms (e.g., Drata, Vanta, Secureframe, OneTrust, or similar tools) in the context of ISO 27001.
Configure and optimize client platform environments, including: ISO 27001 control mapping to Annex A and organizational risk register, Evidence workflows and documentation management, Automated integrations (cloud providers, ticketing systems, HRIS, code repositories, etc.), Continuous monitoring settings aligned to ISMS objectives.
Review automated control outputs and exception reporting to ensure audit defensibility.
Identify opportunities to improve automation coverage and reduce manual evidence collection.
Partner with clients to mature their ISMS operations using platform analytics and reporting.
Review, document, and test IT general controls (logical access, change management, system operations) mapped to ISO 27001 Annex A domains.
Evaluate technical and organizational controls within SaaS, cloud-native, and hybrid environments.
Assess controls over infrastructure environments (AWS, Azure, GCP), identity management, and DevOps workflows in alignment with ISO 27001 requirements.
Validate evidence sufficiency and completeness within compliance platforms to support certification conclusions.
Support risk assessment and risk treatment processes central to ISMS implementation.
Serve as primary point of contact for ISO 27001 clients, including executive-level stakeholders.
Present audit findings, risk insights, and general advisory recommendations to client leadership.
Provide general advisory to high-growth SaaS and technology clients on building scalable, certification-ready ISMS programs.
Support sales and go-to-market efforts for ISO 27001 services, including scoping and technical input on proposals.
Mentor junior analysts on ISO 27001 methodology, platform navigation, and control testing best practices.
Contribute to the refinement of ISO 27001 templates, testing programs, risk assessment frameworks, and platform playbooks.
Identify efficiencies to standardize and scale ISO 27001 engagements across the practice.
Support training initiatives to elevate internal ISO 27001 platform expertise.

Benefits

Comprehensive Health Coverage – Medical, dental, and vision.
Generous Paid Time Off – Vacation, sick time, holidays, parental leave and volunteer days.
Flexible Work Arrangements – Hybrid or remote options, flexible hours.
Performance-Based Bonus – Recognition for your contributions through discretionary bonuses.
Professional Development Opportunities – Tuition reimbursement, certifications, mentorship.
Career Growth & Internal Mobility – Clear paths for advancement and role transitions.
Inclusive & Supportive Culture – DEI initiatives, employee resource groups, wellness programs.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume