ISO 27001:2022 Implementation Consultant Needed for Small SaaS

We are Fentrica (www.fentrica.com), a Tallinn-based SaaS company offering building connected management software and energy management platforms. We are a lean team of ~10 employees looking for an experienced Information Security Consultant to guide us through ISO 27001:2022 implementation and certification. We have already selected our external auditor (Metrosert) and defined our scope. Our audit will be done remotely. Now, we need a hands-on consultant to prepare the ISMS, write the necessary policies, and get us ready for the Stage 1 audit. The Goal: We need you to "hold the pen." We are looking for someone to draft the required policies and procedures tailored to our size and tech stack. We want a lean, practical ISMS that satisfies the auditor without creating unnecessary bureaucracy for a 10-person startup. Our Tech Stack & Environment: Cloud Infrastructure: Azure (primary), AWS (Cognito only). Identity & Access: Google Workspace, 1Password. Observability: New Relic / Azure. Responsibilities: Gap Analysis: Review our current setup against ISO 27001:2022 controls. Documentation Writing: Draft the Statement of Applicability (SoA), Information Security Policy, and all mandatory procedures (Access Control, Risk Management, Incident Response, etc.). Risk Assessment: Facilitate the risk assessment process and help us define the Risk Treatment Plan. Audit Prep: Prepare us for the Stage 1 and Stage 2 audits. Scope: The scope is defined as "Information security management in Fentrica cloud platform development, operation and support processes". Requirements: Proven experience implementing ISO 27001:2022 for small SaaS companies (Startups). Technical understanding of cloud environments (Azure/AWS). Ability to write clear, concise documentation in English. To Apply: Please briefly describe your experience with: ISO 27001 implementations for companies with up to 20 employees. Apply tot his job Apply To this Job