GRC Consultant (12 month contract)

DeviceAtlas, the leader in device intelligence solutions, is seeking an expert resource to initiate and spearhead the company’s program to ensure compliance with information security frameworks such as DORA, SOC2, ISO 27001. This role focuses on managing the implementation project, internal audits, regulatory compliance, and readiness for external audits.

Scope of work:

• Serve as the primary subject matter expert on compliance, providing guidance and support to stakeholders across the organization.

• Audit Preparation: Assist internal control owners in scoping appropriate evidence and preparing for external audits.

• Gap Assessments: Facilitate and/or conduct internal gap assessments and audit readiness evaluations for frameworks such as ISO 27001, SOC2, and DORA.

• Control Documentation: Develop and maintain control narratives, walkthroughs, and documentation of compliance processes.

• Audit Findings: Identify control deficiencies and work with stakeholders to develop cost-effective, value-added remediation actions.

• Compliance Reporting: Draft audit reports and present findings to management during status updates and closing meetings.

• External Audit Coordination: Collaborate with external audit teams to streamline processes and provide requested documentation and evidence.

• Policy and Procedure Development: Lead our efforts to create and refine policies and operational procedures to align with audit and compliance objectives.

• Vulnerability Management: Support the tracking and remediation of vulnerabilities in coordination with Operations teams.

Qualifications:

• Strong expertise in audit and compliance frameworks, like ISO 27001, DORA, SOC2, GDPR, etc.

• Hands-on experience in internal and external audits, compliance assessments, and process improvement.

• Experience drafting policy and process documents

• Basic understanding of cybersecurity risks and how to mitigate against them

• Project management experience

• Exceptional analytical, collaboration, and communication skills.

This is a temporary contract of up to 12 month duration. Hybrid schedule.