GRC Infosec Senior Analyst (ISO 27001) jobs in United States
Apply on Employer Site

Identify Security · 1 week ago

GRC Infosec Senior Analyst (ISO 27001)

Identify Security is seeking a senior GRC operator to manage compliance and assurance workflows in a regulated environment. The role involves overseeing ISO 27001 ISMS operations, customer assurance, and governance related to access controls and data protection.

Cloud Security, Consulting, Cyber Security, Network Security

Responsibilities

Operate and continuously improve the ISO 27001 ISMS: internal audit cadence, management reviews, risk assessments, SoA maintenance, and evidence readiness
Lead external assurance requests: customer security questionnaires, RFP/security responses, contract security reviews, and third-party assurance support
Drive audit readiness cycles (e.g., SOC 2 / ISO / customer audits as applicable): planning/scoping, evidence collection, control narratives, issue tracking, and remediation follow-through
Govern IAM compliance oversight: recurring access certifications (privileged/service/user), restricted-access reviews, and authorization governance in partnership with IAM/IT
Support data protection governance: post-implementation DLP compliance oversight, exception handling, and continuous improvement in partnership with technical owners
Run the security awareness program: annual plan, required training content, completion tracking, and evidence capture
Maintain defensible documentation aligned to internal standards, contractual obligations, and applicable regulatory requirements

Qualifications

ISO 27001 ISMS, GRC compliance, Audit readiness, Microsoft 365, Azure, Risk assessments, Customer assurance workflows, GRC tooling

Required

5+ years in GRC / security compliance / audit / risk (senior analyst or program operator level)
Demonstrated ownership of an ISO 27001-aligned ISMS (internal audits, management reviews, risk register/risk treatment, SoA discipline)
Direct experience owning customer assurance workflows (questionnaires/RFP responses, evidence packs, contract-driven reviews)
Comfortable working in Microsoft 365 / Azure / Windows + SaaS control environments (you don't need to be an engineer, but you must understand control realities)
Strong writing: clear, concise, defensible responses that survive audit and customer scrutiny

Preferred

ISO 27001:2022 transition experience (or formal auditor/implementer training)
Experience in high-confidentiality, contract-driven environments
GRC tooling and reporting: evidence libraries, control testing workflows, metrics/dashboards

Company

Identify Security

Cybersecurity, hourly, fractional, consulting, FTE

Funding

Current Stage
Early Stage

Leadership Team

Joel Abraham
Vice President & CoFounder
Company data provided by crunchbase