We are seeking a Information Management Consultant

<p>We are seeking a Information Management Consultant!</p><p> </p><p><strong>Responsibilities:</strong></p><ul><li>Own and drive ISO 27001 and SOC 2 compliance activities end-to-end: gap assessments, control implementation, evidence collection, and audit readiness</li><li>Maintain the Information Security Management System (ISMS): policies, risk register, treatment plans, and control documentation</li><li>Lead internal audits and management reviews; prepare the team and evidence base for external certification and surveillance audits</li><li>Serve as the primary point of contact for external auditors and certification bodies: managing scope, scheduling, walkthroughs, and findings responses</li><li>Coordinate with developers, DevOps, and product teams to ensure security controls are implemented and verifiable in the Azure-hosted SaaS environment</li><li>Triage and track SAST/DAST findings and vulnerability reports; drive remediation to closure with the engineering team</li><li>Monitor and respond to security incidents; maintain and test incident response procedures</li><li>Conduct regular risk assessments and translate findings into concrete, actionable remediation work</li><li>Keep security policies and procedures current and aligned with evolving standards and business needs</li><li>Provide practical security guidance to developers and other team members: security by education, not just enforcement</li><li>Track relevant regulatory and compliance changes (ISO, SOC 2, GDPR where applicable) and assess their impact on the team</li></ul><p> </p><p><strong>Qualifications:</strong></p><ul><li>5&#43; years of hands-on experience in information security, with direct ownership of ISO 27001 programs through full audit cycles</li><li>Proven track record of leading compliance</li><li>Strong understanding of cloud security in Azure (IAM, networking, logging, encryption, security tooling)</li><li>Familiar with SAST/DAST tooling and the software development lifecycle in agile teams</li><li>Able to translate compliance requirements into practical engineering tasks and work directly with developers to get them done</li><li>Strong written and verbal communicator, comfortable producing audit-ready documentation and presenting to auditors, management, and customers</li></ul><p><br /><strong>Nice to have:</strong></p><ul><li>Relevant certifications: ISO 27001 Lead Implementer/Auditor, CISSP, CISM, or equivalent</li><li>Experience securing SaaS products across web and mobile (iOS/Android)</li><li>Familiarity with GDPR compliance requirements in a European operating context</li><li>Experience with Azure security tooling: Defender for Cloud, Sentinel, or equivalent</li></ul><p> </p><p><strong>Please upload diploma and transcripts with your application.</strong></p><p><br /><strong>Folk can offer:</strong></p><ul><li>Good long-term opportunities with our clients</li><li>Individual and adapted follow-up while on assignment</li><li>Good career development opportunities in an interesting and innovative sector</li><li>Competitive terms and conditions</li><li>Social events and pleasant tokens of appreciation throughout the year</li></ul><p><br /><i>We see possibilities in your competence!</i><br />In Folk, we work in accordance with our values: ethical, personal, enthusiastic and flexible.</p>