ISO 27001:2022 Implementation Consultant Needed for Small SaaS
We are Fentrica (www.fentrica.com), a Tallinn-based SaaS company offering building connected management software and energy management platforms. We are a lean team of ~10 employees looking for an experienced Information Security Consultant to guide us through ISO 27001:2022 implementation and certification.
We have already selected our external auditor (Metrosert) and defined our scope. Our audit will be done remotely. Now, we need a hands-on consultant to prepare the ISMS, write the necessary policies, and get us ready for the Stage 1 audit.
The Goal: We need you to "hold the pen." We are looking for someone to draft the required policies and procedures tailored to our size and tech stack. We want a lean, practical ISMS that satisfies the auditor without creating unnecessary bureaucracy for a 10-person startup.
Our Tech Stack & Environment:
Cloud Infrastructure: Azure (primary), AWS (Cognito only).
Identity & Access: Google Workspace, 1Password.
Observability: New Relic / Azure.
Responsibilities:
Gap Analysis: Review our current setup against ISO 27001:2022 controls.
Documentation Writing: Draft the Statement of Applicability (SoA), Information Security Policy, and all mandatory procedures (Access Control, Risk Management, Incident Response, etc.).
Risk Assessment: Facilitate the risk assessment process and help us define the Risk Treatment Plan.
Audit Prep: Prepare us for the Stage 1 and Stage 2 audits.
Scope: The scope is defined as "Information security management in Fentrica cloud platform development, operation and support processes".
Requirements:
Proven experience implementing ISO 27001:2022 for small SaaS companies (Startups).
Technical understanding of cloud environments (Azure/AWS).
Ability to write clear, concise documentation in English.
To Apply: Please briefly describe your experience with:
ISO 27001 implementations for companies with up to 20 employees.