Ref: #71773

GRC Consultant


GRC Consultant – ISO/IEC 27001 Controls for a regulated medical device company. Responsible for supporting the design, implementation, and operation of an ISO/IEC 27001–aligned ISMS, integrating information security governance, risk management, and compliance with medical device regulatory and quality requirements.

Role Type:

Contract / Permanent

Start Date:

Immediate

Salary:

Day Rate + Expenses / Fixed Package (dependent on engagement type and experience)

Location / Language:

Hybrid / On-site (Utrecht)
Language: English (mandatory)

Requirements Description:

The client is seeking an experienced GRC Consultant with strong ISO/IEC 27001 controls expertise and prior experience in regulated environments, ideally medical devices, healthcare, or life sciences. The consultant will work closely with Quality, Regulatory Affairs, IT, and R&D teams to ensure information security controls are aligned with both ISO standards and medical device regulations.

Tasks Description:

  • Implement, review, and maintain ISO/IEC 27001 and ISO 27002 controls

  • Develop and maintain ISMS documentation, including policies, procedures, risk assessments, and Statement of Applicability (SoA)

  • Conduct information security risk assessments aligned with ISO 27005 and integrated with ISO 14971 product risk management

  • Support internal audits, certification audits, and regulatory inspections

  • Align security controls with ISO 13485, FDA QSR (21 CFR 820), and relevant IEC standards (e.g., IEC 62304, IEC 81001-5-1)

  • Support supplier and third-party security risk assessments

  • Track remediation actions, KPIs, and continuous improvement activities

Essential Skills / Experience Description:

  • Strong hands-on experience with ISO/IEC 27001 and ISO 27002 controls

  • Proven GRC consulting experience in regulated industries

  • Experience working within or alongside Quality Management Systems (ISO 13485 / FDA QSR)

  • Solid understanding of information security risk management frameworks

  • Experience supporting audits and compliance assessments

  • Excellent documentation and stakeholder communication skills

Desirable Skills / Additional Information Description:

  • ISO/IEC 27001 Lead Implementer or Lead Auditor certification

  • Medical device or healthcare cybersecurity experience

  • Familiarity with IEC 62304, IEC 81001-5-1, HIPAA, and/or GDPR

  • Experience working with cloud environments and third-party risk management

  • Background collaborating with R&D or product security teams

Team Contact:

jude.russell@next-ventures.com
