Identify Security
GRC Infosec Senior Analyst (ISO 27001)
Identify Security, Minneapolis, Minnesota, United States, 55400
A highly respected, client-facing professional services organization is expanding its Governance, Risk & Compliance (GRC) function and hiring a hands‑on senior analyst to help run and mature an ISO‑anchored security program. This role supports client assurance, audits/certifications, and internal governance across a hybrid Microsoft + SaaS environment.
⚠️ Open to Direct Hire or Contract-to-Direct
Work authorization: U.S. Citizens or Green Card holders only (no visa sponsorship).
What you’ll own
Operate and improve the ISO 27001 ISMS (internal audits, management reviews, risk assessments, SOA updates; evidence readiness)
Lead client‑requested security assessments and contract‑driven security reviews (questionnaires, RFP/security responses, third‑party assurance)
Support audit & recertification cycles (planning, scoping, evidence collection, control narratives, remediation tracking)
Run ongoing IAM authorization compliance oversight (RBAC/PIM, privileged/service/user accounts, recurring access certifications; restricted‑access reviews as assigned)
Support post‑implementation DLP compliance oversight and continuous improvement
Help define and maintain the annual security awareness/training program
Maintain clear, defensible documentation aligned to internal standards, client obligations, and applicable regulations
What makes you a strong fit
5–10 years in GRC / information security / audit / risk
Hands‑on experience operating an ISMS aligned to ISO 27001 (2013 and/or 2022) (SOC 2 / NIST / GDPR helpful)
Real ownership of client questionnaires, vendor/service security reviews, and audit evidence packs
Comfortable in Windows + Microsoft 365/Azure + SaaS control environments
Nice to have
Security metrics/dashboards for governance reporting
If this fits, please message your resume (or LinkedIn), plus your direct vs. contract-to-direct preference and your compensation target.
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Consulting and Information Technology
Industries: Computer and Network Security; IT Services and IT Consulting
Location: Minneapolis, MN. Salary range: $120,000 – $155,000.