GRC Analyst III, ISO 27001
Sensiba LLP · Ireland
- Hybrid
- Full-time
- $85,000 / year
- Ireland
Job highlights
- Execute ISO 27001 certification and ISMS engagements.
- Assess and test information security controls.
- Support risk management and compliance programs.
- Advise clients on security operations and governance.
- Collaborate with IT, security, and compliance teams.
About the role
GRC Analyst III, ISO 27001
Sensiba LLP is seeking a GRC Analyst III with expertise in ISO 27001 to join our Governance, Risk & Compliance team in Ireland.
Job Overview
This role focuses on supporting and executing ISO-based information security engagements, with a strong emphasis on ISO 27001 Information Security Management Systems (ISMS) implementation, readiness, and certification. You will be instrumental in delivering ISO 27001, ISO 27701, and emerging standards like ISO 42001 engagements, and will also contribute to SOC 2 assessments. The ideal candidate views ISO 27001 as a comprehensive management system, not just a checklist, understanding its roots in risk assessment, governance, continuous improvement, and organizational alignment. This position combines technical auditing, structured risk evaluation, and advisory support to help clients build robust and scalable compliance programs.
Key Responsibilities
- ISO 27001 Engagement Execution: Conduct ISO 27001 readiness and certification support, including ISMS scoping, risk assessment review, and Annex A control evaluation.
- Lead workstreams for ISO 27001/27701/42001 engagements under supervision.
- Review Statement of Applicability (SoA) and evaluate control implementation.
- Assess client risk assessment methodologies for ISO 27001 alignment.
- Evaluate the design and operational effectiveness of security controls.
- Support clients preparing for Stage 1 and Stage 2 certification audits.
- ISMS & Risk Management Support: Examine information security policies, procedures, and governance for ISO management system alignment.
- Review and document enterprise and system-level risk assessments.
- Assess risk treatment plans and monitor remediation.
- Support internal audit programs aligned with ISO 27001.
- Identify improvements for continuous monitoring within the ISMS.
- Control Testing & Technical Evaluation: Review, document, and test logical access, change management, vendor risk, security operations, and incident response controls.
- Test application and automated controls across client systems and SaaS platforms.
- Assess cloud and hybrid infrastructure environments.
- Support SOC 2 engagements where ISO and SOC control environments overlap.
- Client Advisory & Relationship Development: Build relationships with client stakeholders in security, IT, and compliance.
- Communicate findings, including risk implications and recommendations.
- Provide practical guidance on aligning security operations with ISO requirements.
- Support clients in maturing governance and compliance programs.
Skills, Knowledge, and Expertise
- Bachelor’s degree required (MIS, Information Systems, IT, Cybersecurity, or related field preferred).
- 2–4+ years of experience in IT audit, information security, or GRC.
- Proven experience supporting ISO 27001 engagements, certification audits, or ISMS implementation.
- Working knowledge of: ISO 27001 clauses and Annex A controls, risk assessment and treatment methodologies, IT General Controls (ITGCs), information security principles, and governance frameworks.
- Experience conducting control testing and documenting workpapers.
- Strong written documentation skills for policy and ISMS-related documents.
- Experience working collaboratively within engagement teams.
- Preferred Qualifications:
- ISO 27001 Lead Auditor or Lead Implementer certification.
- Experience with ISO 27701 or ISO 42001.
- Experience supporting SOC 2 engagements.
- Familiarity with readiness/automation platforms (e.g., Drata, Vanta).
- Relevant professional certifications (e.g., CISA, CIPP).
Benefits
Join Sensiba LLP for generous benefits, competitive compensation, professional advancement, and a supportive culture. We offer a work environment that balances professional success with personal life. Benefits include comprehensive health coverage (medical, dental, vision), generous paid time off (vacation, sick, holidays, parental, volunteer days), flexible work arrangements (hybrid/remote, flexible hours), performance-based bonuses, professional development opportunities (tuition, certifications, mentorship), clear career growth paths, and an inclusive culture with DEI initiatives and wellness programs.
Key skills/competency
- ISO 27001
- GRC Analyst
- Information Security Management System (ISMS)
- Risk Assessment
- Control Testing
- IT Audit
- Compliance
- Information Security
- Governance
- Cybersecurity
Skills & topics
- GRC Analyst
- ISO 27001
- Information Security
- Risk Management
- IT Audit
- Compliance
- ISMS
- Cybersecurity
- Governance
- Control Testing
How to get hired
- Tailor your resume: Highlight your experience with ISO 27001, ISMS implementation, risk assessment, and control testing, using keywords from the job description.
- Showcase your expertise: Emphasize your understanding of ISO 27001 as a management system, not just a checklist, and your ability to conduct technical audits and risk evaluations.
- Quantify achievements: Provide examples of successful engagements, risk mitigation, or ISMS maturation you have supported, quantifying results where possible.
- Prepare for interviews: Be ready to discuss your experience with ISO standards, control testing methodologies, and client advisory scenarios for the GRC Analyst III role.
- Research Sensiba LLP: Understand their culture, values, and recent work in GRC and cybersecurity to align your application and interview responses.
Frequently asked questions
- What specific ISO standards are most critical for the GRC Analyst III role at Sensiba LLP?
- The GRC Analyst III role at Sensiba LLP heavily emphasizes ISO 27001 for Information Security Management Systems (ISMS). Experience with ISO 27701 (privacy) and ISO 42001 (AI management) is also highly valued, along with familiarity with SOC 2 assessments.
- What level of experience is expected for a GRC Analyst III at Sensiba LLP?
- Sensiba LLP typically looks for candidates with 2-4+ years of experience in IT audit, information security, or GRC. Proven experience in supporting ISO 27001 engagements, including ISMS implementation or certification audits, is a key requirement.
- Does Sensiba LLP require specific certifications for the GRC Analyst III position?
- While not strictly required, Sensiba LLP prefers candidates with an ISO 27001 Lead Auditor or Lead Implementer certification. Other relevant certifications like CISA, CIPP, or similar are also beneficial for this GRC Analyst III role.
- What are the typical work arrangements for a GRC Analyst III at Sensiba LLP?
- Sensiba LLP offers flexible work arrangements, including hybrid and remote options, along with flexible hours, for roles like the GRC Analyst III. This allows for a good work-life balance.
- How does Sensiba LLP view ISO 27001 beyond a compliance checklist for GRC Analyst III candidates?
- Sensiba LLP values candidates who understand ISO 27001 as a dynamic management system rooted in risk assessment, governance, continuous improvement, and organizational alignment. The ideal GRC Analyst III will focus on building sustainable compliance programs, not just ticking boxes.
- What kind of technical skills are essential for the GRC Analyst III role in Ireland?
- Essential technical skills include a strong working knowledge of ISO 27001 clauses and Annex A controls, risk assessment methodologies, IT General Controls (ITGCs), and information security principles. Experience in control testing across various IT environments, including cloud, is also crucial.
- Can candidates without direct ISO 27001 Lead Auditor certification still apply for the GRC Analyst III position at Sensiba LLP?
- Yes, candidates without a Lead Auditor or Lead Implementer certification can still apply if they possess strong experience supporting ISO 27001 engagements and a solid understanding of ISMS principles. The company values practical experience and a commitment to professional development.