IT Compliance/Information Security Consultant

We are Riskora Consulting — a small but passionate team of like-minded professionals who truly care about IT compliance and security. Our mission is simple: to make complex compliance frameworks easy and accessible. We believe that compliance shouldn’t be scary, boring, or expensive. Our goal is to guide clients on their certification journeys with clarity, support, and a smile.

We work with companies striving to achieve or maintain certifications or frameworks such as ISO 27001, ISO 27701, SOC 2, GDPR, PCI DSS, DORA, and MiCA, helping them build secure, trustworthy systems and meet regulatory expectations with confidence.

 

Job Description:

We’re looking for an experienced IT Security / Compliance Consultant to join us on a part-time basis with a potential path to full-time in the near future.

In this role, you will work closely with our clients to support their ISO 27001 certification journeys, either helping them obtain the certification from scratch or maintaining their current compliance posture. You will act as a trusted advisor and hands-on compliance partner, making sure all documentation, processes, and controls are in place and audit-ready.

 

Key Requirements

  • Minimum 3 years of hands-on experience with ISO 27001 implementation or support
  • Deep understanding of:
      • ISO 27001 certification process and its structure, including:
          • Gap assessments
          • Information Security Management System (ISMS) design and implementation
          • Development and maintenance of ISO-required documentation, including
          • Information security risk assessment and treatment planning including Statement of Applicability (SoA)
          • Internal audit process: planning, preparing, conducting, and reporting audits
          • Incident management and business continuity planning
          • Security awareness, training, and organizational communication
          • External audit support
  • Strong communication and project coordination skills
  • ISO 27001 Lead Auditor (LA) or Lead Implementer (LI) certification is highly preferred
  • Bonus points for knowledge of SOC 2, GDPR, DORA or MiCA compliance requirements

Responsibilities (may vary depending on project needs):

  • Conduct gap analyses and maturity assessments for ISO 27001
  • Develop and maintain compliance documentation (policies, procedures, and operational documents like risk registers, etc.)
  • Support clients during internal and external audits
  • Help implement and review security controls across various domains (e.g., access control, cryptographic controls, asset management, physical and environmental security, operations security, incident response, supplier relationships, business continuity, and information security policies and procedures).
  • Work closely with client teams to ensure compliance milestones are met
  • Provide strategic input and practical support in achieving or maintaining certification status
  • Stay up to date with evolving compliance standards and regulations

What we offer:

  • Part-time engagement with the possibility to transition to full-time
  • Highly flexible schedule — perfect for those balancing another job or project
  • No-micromanagement culture — we trust our team and value results over hours
  • Collaboration with a friendly, highly motivated, and experienced team
  • The chance to make a real impact for clients while growing your expertise in IT compliance
  • Opportunities to grow your expertise with different clients and get certified, with company discounts on industry-recognized certifications like ISO 27001 LA/LI, DORA, and more.

Required languages

English B2 - Upper Intermediate
information security, IT security, ISO 27001, Security Audit, communication skills, Security, IT security policies, cybersecurity, Information Security Policies, cyber security
Published 14 August