Tingent, Stockholm

Information Security Consultant - ISO 27001

Project-Based

Description

Information Security Consultant

The Information Security Consultant advises organisations on protecting information assets, shaping security strategy, and ensuring resilience against cyber and operational risks. This role delivers measurable improvements in governance, risk, and compliance while enabling business continuity and trustworthy operations.

Responsibilities

- Lead and execute comprehensive risk assessments and security gap analyses to identify vulnerabilities and prioritise mitigations aligned with business objectives.
- Plan, coordinate and perform ISO 27001 certification readiness activities and ISO 27001 audits, including development of the Statement of Applicability, risk treatment plans, and evidence collection.
- Support business continuity through ISO 22301 certification readiness and audit activities, conducting Business Impact Analysis (BIA) and ensuring recovery objectives are defined and tested.
- Support the design, implementation and maintenance of information security policies, standards and governance frameworks that integrate with quality management (ISO 9001) and compliance requirements.
- Develop and deliver training and awareness programmes to raise staff competency in security best practices, incident reporting, and compliance obligations.
- Assist in creating and validating incident response plans, run tabletop exercises, and BCP tests.
- Provide advisory support for supplier and third-party security assessments and contractual security requirements to manage supply chain risk.
- Produce clear, actionable reports and dashboards for senior stakeholders showing risk posture, audit findings, remediation progress and compliance status.
- Coach and mentor internal teams on secure design, control implementation and continuous improvement aligned with recognised standards and business needs.

Profile

- A pragmatic security professional who balances technical understanding with business context, focused on enabling secure outcomes rather than gatekeeping.
- Strong communicator who can translate technical risk into business impact, build consensus, and influence stakeholders across functions.
- Detail-oriented and methodical, comfortable managing audit evidence, control matrices and remediation tracking to closure.
- Collaborative team player with a growth mindset who values knowledge sharing, coaching and building resilient processes.

Required:

- Proven experience delivering ISO 27001 certification readiness and conducting ISO 27001 audits or assessments.
- Experience with business continuity planning, ISO 22301 certification readiness and conducting Business Impact Analysis (BIA).
- Strong competency in performing risk assessments, risk treatment planning and maintaining risk registers.
- Hands-on experience developing governance frameworks, policies and compliance artefacts; familiarity with ISO 9001 and ISO 9001 readiness activities is required.
- Proven ability to design and deliver training and awareness programmes related to security, compliance and business continuity.
- Excellent report writing and stakeholder reporting skills; ability to present deliverables suitable for executive audiences.

Nice to have:

- Professional certifications such as CISSP, CISM, Lead Auditor for ISO 27001 or ISO 22301, or equivalent practical experience.
- Experience with third-party or supplier security assessments, contract reviews and supply chain risk management.
- Familiarity with automated audit/tracking tools, GRC platforms, or quality management systems supporting ISO 9001.
- Experience working in regulated industries or multi-national organisations with complex compliance landscapes.

Reporting Line & Organisational Context

The role typically reports to the Head of Information Security or Director of Risk and Compliance and operates within a cross-functional security and risk management function. You will influence executives and partner closely with IT, legal, HR, procurement and IT operations to embed secure practices across the organisation.

Team Structure & Collaboration Interfaces

You will work as a consultant within a security team that includes security engineers, the GRC lead and the CISO. Regular collaboration with business unit leaders, internal audit, quality teams (ISO 9001), business continuity owners and external auditors is expected. The role encourages mentoring junior staff and leading cross-functional working groups.

Deliverables & Success Metrics

- Completed ISO 27001 and/or ISO 22301 certification readiness plans and successful audit closures within agreed timelines.
- Actionable risk assessment reports, maintained risk register entries and tracked remediation with a measurable reduction in high-risk items.
- Business Impact Analysis reports and tested continuity plans demonstrating achievable Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
- Training attendance and effectiveness metrics, increased staff awareness scores and reduced human-related incidents.
- Governance artefacts and compliance evidence packs ready for regulatory or certification review; positive audit outcomes and fewer non-conformities.

Tools, Technologies & Domain Context

Work will involve familiar tools and platforms used for risk management, audit evidence collection, GRC automation (Drata), vulnerability scanning and incident management. Knowledge of common enterprise IT stacks (GWS, Atlassian, Slack), cloud security (GCP) considerations and integration of security with quality management systems (including ISO 9001 processes) will be beneficial. The role spans information security, business continuity and compliance domains, offering broad exposure and opportunities to shape resilient, scalable security practices.

Seniority level: 4+ years
Project start: 2026-02-02
Project end: 2026-09-30
Location: Stockholm
Form of collaboration: Hybrid
Languages: Swedish, English

Skills

GCP, Security