Iso 27001 Analyst
2 semanas atrás
**About Insight Assurance**
Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, we deliver next-generation audit services across SOC 2, ISO 27001, PCI DSS (QSA), HITRUST, CMMC (C3PAO), and FedRAMP (3PAO) frameworks.
We're not your traditional audit firm — we're tech-enabled, leveraging compliance automation and advanced collaboration tools to make audits faster, smarter, and more impactful for our clients.
Recognized on the Inc. 5000 and Fast 50 lists, Insight Assurance is one of the fastest-growing global audit firms, with 170+ professionals supporting nearly 2,000 clients across the Americas, EMEA, and APAC.
**
The ISO Analyst supports the audit and assurance teams in performing ISO 27001 certification assessments and related information security audits. Working under the supervision of an Auditor, Lead Auditor, or Manager, the ISO Analyst assists in audit planning, evidence review, report preparation, and overall quality assurance.
This role requires strong attention to detail, effective communication skills, and a foundational understanding of management systems and information security principles.
**KEY RESPONSIBILITIES**
**General Audit Support**
- Ensure that all internal processes are followed correctly and consistently.
- Assist in the creation of audit programs and plans for clients and upcoming audits.
- Support evidence classification, review, and sampling activities.
- Take detailed notes during audits and assist in preparing high-quality reports.
- Send recap and follow-up communications as required.
- Collect statistics and support KPI reporting.
- Communicate effectively with stakeholders at all organizational levels using professional language and terminology.
- Maintain ethics, fairness, and accuracy in all audit documentation and reporting.
- Protect confidentiality of personally identifiable information (PII) and intellectual property (IP) belonging to both the firm and clients.
- Demonstrate professionalism and responsibility in all interactions.
**Administrative & Coordination Tasks**
- Handle client ingestion and onboarding activities.
- Perform HubSpot data scrubbing and updates.
- Register new engagements in Asana and coordinate Insight ONE transfers (in or out).
- Create SharePoint folders and upload Evidence Lists (EL).
- Follow up on CUP (Client Upload Portal) submissions.
**Audit Planning Support (in collaboration with the ISO Manager)**
- Follow up on CUP status and pending uploads.
- Send planning call recaps and assist with scheduling.
- Communicate auditor assignments and update Asana tasks.
- Collect and report metrics on Turnaround Time (TAT) for audit plan delivery.
**Audit Execution Support (in collaboration with ISO Auditors)**
- Ensure auditors have access to necessary GRC platforms and client systems.
**Audit Reporting & Quality Assurance (in collaboration with ISO Manager)**
- Collect metrics on TAT for archive submissions.
- Register findings in the Universal Registry of Findings.
- Complete archive QA forms and support non-technical QA reviews, including:
- Audit Report
- Audit Plan
- Audit Program
- Registry of Findings
**Certificate & Registry Management**
- Handle certificate registration in the appropriate database.
- Maintain IAF CertSearch registrations and updates.
**Knowledge Requirements**
- Organizational structures, governance, and workplace practices.
- Information and data systems, documentation systems, and IT fundamentals.
- Audit principles, practices, and techniques in accordance with ISO standards.
- Management system standards and normative documents required for certification.
- Certification Body (CB) processes and procedures.
- Industry terminology, practices, and expectations relevant to the client's business sector.
- Common products, processes, and operations across industries to understand client context.
- Application of management system requirements to various organizational types.
- ISMS-specific documentation structures and interrelationships.
- Information security management tools, methods, and techniques.
- Information security risk assessment and risk management principles.
- ISMS processes and current information security technologies.
- ISO/IEC 27001 requirements and implementation principles.
- ISO/IEC 27002 controls (and sector-specific standards if applicable), including:
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control and authorization
- Cryptography
- Physical and environmental security
- Operations and IT service security
- Communications and network security
- System acquisition, development, and maintenance
- Supplier relationships and outsourced services
- Information security incident management
- Business continuity and redundancy planning
- Compliance and information security revie
-
Consultor ISO 27001
2 semanas atrás
Lisboa, Portugal DataSmart Tempo inteiro**# Think Data Be Smart #** **Sobre Nós**: A _DataSmart_ é uma empresa portuguesa que se posiciona como uma consultora de excelência, com mais de 20 anos de existência. Somos especializados em Tecnologias e serviços de Sistemas de Informação, para o mercado português e internacional. É com orgulho que cultivamos uma cultura de envolvimento,...
-
Iso 27001 Consultant
2 semanas atrás
Lisboa, Portugal DataSmart Tempo inteiro**# Think Data Be Smart #** **About Us**: _DataSmart_ is a Portuguese company, positioning itself as a consulting company of excellence, with over 20 years of existence. We are specialized in Technologies and Information Systems services, for the Portuguese and International markets. We pride ourselves on fostering a culture of involvement, experience, and...
-
Iso 27001 Associate Manager
2 semanas atrás
Lisboa, Portugal Insight Assurance Tempo inteiroInsight Assurance is a **global audit firm** on a mission to transform how organizations achieve cybersecurity and compliance. Founded by **former Big 4 (EY)** professionals, we deliver **next-generation audit services** across **SOC 2, ISO 27001, PCI DSS (QSA), HITRUST, CMMC (C3PAO), and FedRAMP (3PAO)** frameworks. We're not your traditional audit firm...
-
Mid-Senior Cyber Security Consultant
2 semanas atrás
Lisboa, Portugal Aubay Portugal Tempo inteiroA leading consulting firm in Lisbon seeks a Cyber Security professional with at least 3 years of experience. Key responsibilities include advanced knowledge of ISO 27001 and risk management practices. The ideal candidate should have robust Microsoft Office skills and a good command of English. This full-time role offers a hybrid work model and various...
-
Senior Risk
1 dia atrás
Lisboa, Portugal Capgemini Tempo inteiroA leading IT services firm in Lisbon is looking for a Senior Risk and Compliance professional with at least 5 years of experience in risk management and cybersecurity compliance. The role involves performing security assessments and ensuring compliance with various standards. The ideal candidate has a solid knowledge of frameworks like ISO 27001 and GDPR,...
-
MID Project Manager
Há 5 dias
Lisboa, Portugal Inoweiser Tempo inteiroInoweiser | Tech For a Better FutureSomos um grupo tecnológico com mais de 20 anos de experiência. Temos como foco capacitar os nossos clientes a enfrentarem os desafios mais complexos através de soluções inovadoras.A nossa missão é proporcionar a melhor experiência, tanto para a nossa equipa como para os clientes, construindo colaborativamente um...
-
Mid Project Manager
Há 5 dias
Lisboa, Portugal Inoweiser Tempo inteiroInoweiser | Tech For a Better Future Somos um grupo tecnológico com mais de 20 anos de experiência. Temos como foco capacitar os nossos clientes a enfrentarem os desafios mais complexos através de soluções inovadoras. A nossa missão é proporcionar a melhor experiência, tanto para a nossa equipa como para os clientes, construindo colaborativamente...
-
MID Project Manager
Há 5 dias
Lisboa, Portugal Inoweiser Tempo inteiroInoweiser | Tech For a Better Future Somos um grupo tecnológico com mais de 20 anos de experiência. Temos como foco capacitar os nossos clientes a enfrentarem os desafios mais complexos através de soluções inovadoras. A nossa missão é proporcionar a melhor experiência, tanto para a nossa equipa como para os clientes, construindo colaborativamente um...
-
Mid Project Manager
Há 3 dias
Lisboa, Portugal Inoweiser Tempo inteiroInoweiser | Tech For a Better Future Somos um grupo tecnológico com mais de 20 anos de experiência. Temos como foco capacitar os nossos clientes a enfrentarem os desafios mais complexos através de soluções inovadoras. A nossa missão é proporcionar a melhor experiência, tanto para a nossa equipa como para os clientes, construindo colaborativamente um...
-
MID Project Manager
Há 3 dias
lisboa, Portugal Inoweiser Tempo inteiroInoweiser | Tech For a Better Future Somos um grupo tecnológico com mais de 20 anos de experiência. Temos como foco capacitar os nossos clientes a enfrentarem os desafios mais complexos através de soluções inovadoras. A nossa missão é proporcionar a melhor experiência, tanto para a nossa equipa como para os clientes, construindo colaborativamente um...
