Information security consultant / IT audit manager @ TechMagic

• Experience: 4–7+ years in GRC, IT audit, or compliance, with a proven track record of successfully completing at least two end-to-end ISO 27001 and/or SOC 2 programs.
• Primary Stack: Deep expertise in ISO/IEC 27001:2022, SOC 2, NIST CSF 2.0, and OWASP ASVS/SAMM/DSOMM.
• Cloud & Compliance: Strong knowledge of cloud security best practices on AWS/Azure/GCP and a solid understanding of HITRUST, GDPR, and HIPAA.
• Tools: Hands-on experience with GRC platforms like Drata, Vanta, or Secureframe.
• English: Upper-Intermediate or Advanced level proficiency.

We are seeking a Senior Information Security Consultant / IT Audit Manager to join our TechMagic team. You will work on a diverse portfolio of clients, providing expert guidance on their security and compliance journeys. This is a full-time, remote position, and we are looking for a highly skilled professional with a strong background in GRC and IT audit.

Work Schedule

Full-time working day in our Lviv or Kyiv office, (flexible hours) or full-time remote

Interview Stages

• 1st stage - call with Recruiter
• 2nd stage - Technical interview

Our Benefits

• Opportunity to improve your skills in stong technical team
• Work from anywhere (fully remotely or in our office) 
• Paid vacations and sick leaves, additional days off, relocation bonus;
• Wellness: Medical insurance/sports compensation/ health check-up+flu vaccination at your choice
• Education: regular tech talks, educational courses, paid certifications, English classes;
• Fun: own football team, budget for team lunches, branded gifts
• One of the best IT employers in Lviv based on DOU rating.

,[Lead GRC Engagements: You will manage end-to-end ISO 27001, SOC 2, and HITRUST readiness projects. This includes everything from gap assessments and risk analysis to coaching clients on implementation and providing support during external audits., Act as a vCISO: Serve as a fractional vCISO for our clients, taking ownership of their security roadmaps, risk registers, security awareness programs, and reporting to executive leadership and boards., Implement and Manage ISMS: Build and maintain Information Security Management Systems (ISMS), handling all aspects from policy lifecycle management and internal audits to continual improvement., Drive Risk Management: Conduct enterprise risk assessments and facilitate threat modeling to proactively identify and mitigate security risks., Consult on Core Security Practices: Advise clients on key security practices, including secure SDLC, change management, incident response, and business continuity planning, with a focus on cloud security in AWS, Azure, and GCP.] Requirements: AWS, ISO 27001, SOC 2, NIST CSF 2.0, OWASP ASVS/SAMM/DSOMM, AWS/Azure/GCP, HITRUST, CISSP, CISM, or CISA, Microsoft SSPA/DPR and NIS2/DORA, SIEM/SOC Additionally: Sport subscription, Training budget, Private healthcare, International projects, In-house trainings, Modern office.

Kategorie

security

Odpovědět na inzerát