We are seeking a Information Management Consultant

We are seeking a Information Management Consultant!

• Own and drive ISO 27001 and SOC 2 compliance activities end-to-end: gap assessments, control implementation, evidence collection, and audit readiness
• Maintain the Information Security Management System (ISMS): policies, risk register, treatment plans, and control documentation
• Lead internal audits and management reviews; prepare the team and evidence base for external certification and surveillance audits
• Serve as the primary point of contact for external auditors and certification bodies: managing scope, scheduling, walkthroughs, and findings responses
• Coordinate with developers, DevOps, and product teams to ensure security controls are implemented and verifiable in the Azure-hosted SaaS environment
• Triage and track SAST/DAST findings and vulnerability reports; drive remediation to closure with the engineering team
• Monitor and respond to security incidents; maintain and test incident response procedures
• Conduct regular risk assessments and translate findings into concrete, actionable remediation work
• Keep security policies and procedures current and aligned with evolving standards and business needs
• Provide practical security guidance to developers and other team members: security by education, not just enforcement
• Track relevant regulatory and compliance changes (ISO, SOC 2, GDPR where applicable) and assess their impact on the team

• 5+ years of hands-on experience in information security, with direct ownership of ISO 27001 programs through full audit cycles
• Proven track record of leading compliance
• Strong understanding of cloud security in Azure (IAM, networking, logging, encryption, security tooling)
• Familiar with SAST/DAST tooling and the software development lifecycle in agile teams
• Able to translate compliance requirements into practical engineering tasks and work directly with developers to get them done
• Strong written and verbal communicator, comfortable producing audit-ready documentation and presenting to auditors, management, and customers

Nice to have:

• Relevant certifications: ISO 27001 Lead Implementer/Auditor, CISSP, CISM, or equivalent
• Experience securing SaaS products across web and mobile (iOS/Android)
• Familiarity with GDPR compliance requirements in a European operating context
• Experience with Azure security tooling: Defender for Cloud, Sentinel, or equivalent

Folk can offer:

• Good long-term opportunities with our clients
• Individual and adapted follow-up while on assignment
• Good career development opportunities in an interesting and innovative sector
• Competitive terms and conditions
• Social events and pleasant tokens of appreciation throughout the year

We see possibilities in your competence!
In Folk, we work in accordance with our values: ethical, personal, enthusiastic and flexible.