Information security consultant / IT audit manager

remote (preferably Lviv or Kyiv), Ukraine (Hybrid)

We are seeking a Senior Information Security Consultant / IT Audit Manager to join our TechMagic team. You will work on a diverse portfolio of clients, providing expert guidance on their security and compliance journeys. This is a full-time, remote position, and we are looking for a highly skilled professional with a strong background in GRC and IT audit.

Must have

  • Experience: 4–7+ years in GRC, IT audit, or compliance, with a proven track record of successfully completing at least two end-to-end ISO 27001 and/or SOC 2 programs.

  • Primary Stack: Deep expertise in ISO/IEC 27001:2022, SOC 2, NIST CSF 2.0, and OWASP ASVS/SAMM/DSOMM.

  • Cloud & Compliance: Strong knowledge of cloud security best practices on AWS/Azure/GCP and a solid understanding of HITRUST, GDPR, and HIPAA.

  • Tools: Hands-on experience with GRC platforms like Drata, Vanta, or Secureframe.

  • English: Upper-Intermediate or Advanced level proficiency.


Will be a plus

  • Certifications: ISO 27001 Lead Implementer/Lead Auditor, CISSP, CISM, or CISA.

  • Regulatory Knowledge: Familiarity with Microsoft SSPA/DPR and NIS2/DORA.

  • Security Operations: Exposure to SIEM/SOC (e.g., Microsoft Sentinel).

  • Domain Experience: Prior experience in the fintech or healthcare industries.


Responsibilities

  • Lead GRC Engagements: You will manage end-to-end ISO 27001, SOC 2, and HITRUST readiness projects. This includes everything from gap assessments and risk analysis to coaching clients on implementation and providing support during external audits.

  • Act as a vCISO: Serve as a fractional vCISO for our clients, taking ownership of their security roadmaps, risk registers, security awareness programs, and reporting to executive leadership and boards.

  • Implement and Manage ISMS: Build and maintain Information Security Management Systems (ISMS), handling all aspects from policy lifecycle management and internal audits to continual improvement.

  • Drive Risk Management: Conduct enterprise risk assessments and facilitate threat modeling to proactively identify and mitigate security risks.

  • Consult on Core Security Practices: Advise clients on key security practices, including secure SDLC, change management, incident response, and business continuity planning, with a focus on cloud security in AWS, Azure, and GCP.


Work Schedule

Full-time working day in our Lviv or Kyiv office (flexible hours), or full-time remote

Interview Stages

  • 1st stage - call with Recruiter

  • 2nd stage - Technical interview


Our Benefits

  • Opportunity to improve your skills in a strong technical team

  • Work from anywhere (fully remotely or in our office) 

  • Paid vacations and sick leaves, additional days off, relocation bonus

  • Wellness: medical insurance / sports compensation / health check-up + flu vaccination, at your choice

  • Education: regular tech talks, educational courses, paid certifications, English classes

  • Fun: own football team, budget for team lunches, branded gifts

  • One of the best IT employers in Lviv based on DOU rating.


Recruiter: Yuliia Nochovna






 
