Information Security & Compliance Consultant

We operate in the IT sector. We support international companies from regulated industries including banking, finance, insurance, and pharmaceuticals. We provide comprehensive quality assurance and implement modern HR platforms for employee management.

• Experience conducting InfoSec, IT compliance, or quality audits.
• Background in pharma/medtech/life science; GxP knowledge is a plus.
• Strong understanding of ISO 27001 and risk frameworks (e.g., NIST).
• Skilled in reviewing SOC 2 reports, ISO certifications, and security test reports.
• Able to plan and execute audits independently.
• Excellent communication and documentation skills in English.

1. Supplier Security Assessments:

• Perform information security assessments of key suppliers (CROs, CMOs, XaaS, Managed Services, etc.).
• Check compliance with Sobi’s requirements and relevant standards (ISO 27001, SOC 2, GxP).
• Review security documentation (certificates, pen tests, audits).
• Engage with suppliers to clarify controls and remediation plans.
• Document risks and recommended actions in the third‑party risk process.

2. Supplier Audits:

• Plan and conduct supplier audits (postal, remote, onsite) together with InfoSec, Compliance, and Quality.
• Prepare agendas, checklists, and control tests.
• Assess adherence to contractual and industry requirements.
• Produce audit reports, risk ratings, and CAPAs; follow up on remediation.

3. Internal Audits & Reviews:

• Perform internal reviews of security controls, processes, and documentation.
• Support ISO 27001 and GxP readiness reviews.
• Report findings and recommend improvements.

4. Quality & Compliance Support:

• Contribute to ISMS maintenance and updates.
• Help update SOPs, templates, and control documentation.
• Support continuous improvement of audit methods and tools.