Information Security & Compliance Consultant

Workplace: Remote

Workload: Full-time

Contract type: Contract of Mandate / B2B

We are looking for an experienced Information Security & Compliance Consultant to support the CISO organization. The consultant will lead and execute supplier assessments, supplier audits, internal audits, and various security, quality, and compliance activities. The role collaborates closely with Information Security, Quality, Legal & Compliance, Procurement, and IS/IT to ensure strong third‑party risk management and effective internal controls in ISO 27001‑aligned and GxP‑relevant environments.

Job Description:

1. Supplier Security Assessments

  • Perform information security assessments of key suppliers (CROs, CMOs, XaaS, Managed Services, etc.).
  • Check compliance with Sobi’s requirements and relevant standards (ISO 27001, SOC 2, GxP).
  • Review security documentation (certificates, pen tests, audits).
  • Engage with suppliers to clarify controls and remediation plans.
  • Document risks and recommended actions in the third‑party risk process.

2. Supplier Audits

  • Plan and conduct supplier audits (postal, remote, onsite) together with InfoSec, Compliance, and Quality.
  • Prepare agendas, checklists, and control tests.
  • Assess adherence to contractual and industry requirements.
  • Produce audit reports, risk ratings, and CAPAs; follow up on remediation.

3. Internal Audits & Reviews

  • Perform internal reviews of security controls, processes, and documentation.
  • Support ISO 27001 and GxP readiness reviews.
  • Report findings and recommend improvements.

4. Quality & Compliance Support

  • Contribute to ISMS maintenance and updates.
  • Help update SOPs, templates, and control documentation.
  • Support continuous improvement of audit methods and tools.

Candidate Profile:

  • Experience conducting InfoSec, IT compliance, or quality audits.
  • Background in pharma/medtech/life science; GxP knowledge is a plus.
  • Strong understanding of ISO 27001 and risk frameworks (e.g., NIST).
  • Skilled in reviewing SOC 2 reports, ISO certs, and security test reports.
  • Able to plan and execute audits independently.
  • Excellent communication and documentation skills in English.

What do we offer?

  • Benefits package (private medical care, sports card, group insurance).
  • Free English lessons with a dedicated teacher.
  • Access to an extensive training library covering both soft and technical skills.
  • Sports activities outside of work.
  • Team-building events, competitions, and challenges.

Who we are – in a few words:

Industry: We operate in the IT sector.
Clients: We support international companies from regulated industries (banking, finance, insurance, pharmaceuticals).
Services: We provide comprehensive quality assurance and implement modern HR platforms for employee management.

How do we work? See what our employees say: Piotr and Julia

Job ID: 161. Published on: 19/03/2026