
ISO 27001 ISMS Compliance Unification Consultant



Mission Overview

We are seeking consulting support to guide Swift's internal team through the unification of existing compliance frameworks under a centralized ISO 27001-aligned Information Security Management System (ISMS). The objective is to streamline and integrate multiple regulatory and certification requirements into a cohesive, scalable compliance program.

Frameworks in Scope
  • ISO 27001 — Foundation of the unified ISMS (policies being consolidated)
  • ISO 9001 — Compliant
  • ISO 42001 — Alignment with EU AI Act
  • GDPR — Compliant (+ country-specific addendums like BDSG Germany)
  • Cyber Essentials Plus — Compliant
  • SOC 2 — Compliant for Cloud Services (current attestation report expires end of March; the renewal audit has been deferred while policies are unified)
  • EU Cyber Resilience Act (CRA) — Custom framework for mapping and tracking required controls
  • EU Data Act — Controls to be added within CRA framework

Key Responsibilities
  • Expert guidance on ISO 27001 implementation and integration with all targeted frameworks
  • Strategic and legal advisory for GDPR alignment and country-specific addendums (e.g., BDSG in Germany)
  • Practical interpretation and roadmap development for upcoming EU regulations (CRA, Data Act, AI Act)
  • Support for mapping and optimizing controls within Drata GRC platform, including cross-framework alignment
  • Gap assessments, policy and control reviews, QA oversight of internal implementation
  • Audit readiness and external certification preparation
  • Vendor Management: onboarding and vetting several hundred vendors through formal procurement and risk assessment process (due diligence, risk classification, documentation, ISMS/GRC integration into Drata)
  • Operational Playbook Development: collaborating with internal teams to develop consistent, actionable playbooks aligned with unified compliance policies and technical runbooks

Client Context
  • Global business operations — compliance needed across all regions
  • GRC platform: Drata (consultants may connect via SSO with additional security controls)
  • Internal team: 5-10 people (currently 2 leads with management support)
  • Solid compliance footing achieved by separate groups; now unifying under single ISMS
  • Two primary focuses: ISO 27001 as foundation + EU CRA compliance
  • FY26 starts April 1st — budget finalization in progress, leadership pushing to start immediately

Required Skills & Experience
  • ISO 27001 Lead Implementer/Auditor certification
  • Multi-framework compliance unification experience (ISO 27001, SOC 2, GDPR, CRA, etc.)
  • GRC platform experience (Drata preferred, similar platforms acceptable)
  • GDPR expertise with international regulatory scope
  • Knowledge of EU Cyber Resilience Act, Data Act, AI Act (ISO 42001)
  • Vendor/third-party risk management and assessment at scale
  • Operational playbook and policy development skills
  • Strong communication skills for executive reporting and cross-functional collaboration

Engagement Model

The client anticipates leading the majority of the implementation internally and is looking for a consulting partner providing expert guidance, gap assessments, policy reviews, QA oversight, and direct support for vendor onboarding and playbook development. Pricing structures considered: fixed-fee, time-and-materials, or retainer options.
