ISO 27001 Consultant / Auditor

  • VIC, NSW, ACT, Hybrid
  • Full-time

About the role

SolStak is looking for an ISO 27001 Consultant / Auditor to design, implement and audit Information Security Management Systems (ISMS) for sovereign Defence and government organisations. You will help clients achieve and maintain certification while aligning with Australian regulatory and mission requirements.

What you’ll do

  • Establish and maintain ISO/IEC 27001 ISMS frameworks for client environments
  • Conduct gap analyses, internal audits and pre-certification readiness assessments
  • Develop policies, procedures, risk registers and Statement of Applicability (SoA) documentation
  • Support certification audits and ongoing surveillance activities
  • Align ISMS controls with IRAP, ISM and enterprise security programmes where required

What we’re looking for

  • Demonstrated experience implementing or auditing ISO/IEC 27001 ISMS programmes
  • Strong understanding of Annex A controls, risk treatment and continuous improvement
  • Experience in Defence, government or other regulated industry contexts
  • Excellent documentation skills and stakeholder communication
  • Australian citizenship
  • Minimum two years of proven experience in a relevant role
  • Own GitLab instance and home lab environment (highly desirable)
  • Existing Australian Government security clearance (highly desirable)
  • Industry certifications (highly desirable)

What it feels like to work here

You’ll build ISMS programmes that work in practice — not shelfware. SolStak consultants partner with engineering teams who implement controls, giving you a direct line from policy to production. Expect meaningful client relationships, hybrid flexibility across VIC, NSW and ACT, and a team that respects deep security governance craft.

Why engineers join

  • Lead ISO 27001 programmes for sovereign Defence and government clients
  • Work alongside delivery teams who close audit findings in real environments
  • Bridge ISMS, IRAP and operational security across the full ICT stack
  • Build a portfolio of certified, accredited security programmes
  • Join a company that values practical assurance over compliance theatre

What technologies you’re exposed to

ISO 27001 consultants at SolStak assess and govern security across the full sovereign ICT stack — from data platforms and cloud through to virtualisation and security products.

Data engineering

  • Data governance, classification and pipeline security controls
  • Cloudera, Spark and enterprise analytics platform assurance

Cloud & hyperscalers

  • AWS, Azure, GCP and sovereign cloud ISMS scope and control mapping
  • Shared responsibility, IAM and hybrid environment governance

Virtualisation & platform

  • VMware, OpenShift, Kubernetes and platform hardening standards
  • Change management, configuration baselines and operational runbooks

Security products

  • SIEM, SOAR, PAM, vulnerability management and endpoint protection
  • Incident response, business continuity and third-party risk tooling