Ref: #71773

GRC Consultant


GRC Consultant – ISO/IEC 27001 Controls for a regulated medical device company. Responsible for supporting the design, implementation, and operation of an ISO/IEC 27001–aligned ISMS, integrating information security governance, risk management, and compliance with medical device regulatory and quality requirements.

Role Type:

Contract / Permanent

Start Date:

Immediate

Salary:

Day Rate + Expenses / Fixed Package (dependent on engagement type and experience)

Location / Language:

Hybrid / On-site (Utrecht)
Language: English (mandatory)

Requirements Description:

The client is seeking an experienced GRC Consultant with strong ISO/IEC 27001 controls expertise and prior experience in regulated environments, ideally medical devices, healthcare, or life sciences. The consultant will work closely with Quality, Regulatory Affairs, IT, and R&D teams to ensure information security controls are aligned with both ISO standards and medical device regulations.

Tasks Description:

  • Implement, review, and maintain ISO/IEC 27001 and ISO/IEC 27002 controls

  • Develop and maintain ISMS documentation, including policies, procedures, risk assessments, and Statement of Applicability (SoA)

  • Conduct information security risk assessments aligned with ISO/IEC 27005 and integrated with ISO 14971 product risk management

  • Support internal audits, certification audits, and regulatory inspections

  • Align security controls with ISO 13485, FDA QSR (21 CFR 820), and relevant IEC standards (e.g., IEC 62304, IEC 81001-5-1)

  • Support supplier and third-party security risk assessments

  • Track remediation actions, KPIs, and continuous improvement activities

Essential Skills / Experience Description:

  • Strong hands-on experience with ISO/IEC 27001 and ISO/IEC 27002 controls

  • Proven GRC consulting experience in regulated industries

  • Experience working within or alongside Quality Management Systems (ISO 13485 / FDA QSR)

  • Solid understanding of information security risk management frameworks

  • Experience supporting audits and compliance assessments

  • Excellent documentation and stakeholder communication skills

Desirable Skills / Additional Information Description:

  • ISO/IEC 27001 Lead Implementer or Lead Auditor certification

  • Medical device or healthcare cybersecurity experience

  • Familiarity with IEC 62304, IEC 81001-5-1, HIPAA, and/or GDPR

  • Experience working with cloud environments and third-party risk management

  • Background collaborating with R&D or product security teams

Team Contact:

jude.russell@next-ventures.com
