Middle+
Full-time
Remote
Open
Role Summary
As an Information Security Specialist at CodeFortress, you will support multiple clients as part of our fractional CISO service line. Your primary mission is to help organizations build, improve, and maintain their security and privacy compliance programs in alignment with standards like ISO/IEC 27001, ISO/IEC 27701, and GDPR. You'll work directly with client stakeholders to guide them through audits, implement controls, and ensure ongoing compliance, while promoting a strong security culture.
This is a hands-on, delivery-focused role ideal for someone who thrives in a fast-paced, consultancy-style environment and is confident communicating with both technical and business stakeholders.
Key Responsibilities
Serve as a trusted advisor to clients in the development and maintenance of their ISMS and PIMS aligned with ISO/IEC 27001 and ISO/IEC 27701.
Guide clients through audit preparation, including documentation review, evidence collection, and control validation.
Identify compliance gaps and assist in the implementation of technical and organizational controls.
Conduct risk assessments, develop risk treatment plans, and track remediation efforts.
Plan, execute, and monitor security awareness campaigns, including phishing simulations.
Provide support for vulnerability management, including findings triage and remediation tracking.
Contribute to internal playbooks, compliance templates, and reusable frameworks to streamline service delivery.
Requirements
Proven, hands-on experience supporting ISO/IEC 27001 or SOC 2 certification audits.
Solid knowledge of data protection principles and familiarity with ISO/IEC 27701.
Ability to independently manage multiple client engagements.
Excellent communication skills, with experience interfacing with client teams, auditors, and vendors.
Advanced writing and documentation skills (e.g., policies, procedures, audit evidence).
Nice-to-Haves
Familiarity with SOC 2, HIPAA, or other security/privacy frameworks.
Experience with security awareness tools, phishing platforms, or LMSs.
Background in vulnerability management, including scanning, triage, and reporting.
Prior work in a cybersecurity consultancy or managed security services environment.
Relevant certifications such as ISO 27001 Lead Implementer, CIPP/E, CISSP, or CISM.
We Offer
Focus on what matters — minimal bureaucracy and no micromanagement.
Competitive compensation based on your skills and experience.
Supportive and friendly work environment.
Flexible schedule aligned with project needs.
12 working days of paid vacation annually.
6 working days per year can be taken off for personal reasons — no explanation needed.