Senior GRC / ISO 27001 Program Lead [Freelance]

🇫🇷 Paris, France
Posted 6 days ago
Expires July 6, 2026

About Equativ
Equativ is a leading independent advertising platform that connects advertisers and publishers to deliver seamless video and audiovisual experiences worldwide. In a data-driven ecosystem, the trust and security of our infrastructure are at the core of our value proposition.
Your mission
Reporting to the VP IT & Security, you will take direct ownership of the ISO 27001 certification program, to be delivered within a tight 12-month timeframe. You will design and execute the roadmap end-to-end: scoping, risk analysis, controls deployment, ISMS implementation, internal audit, and certification audit management.
The tight timeline requires a senior, autonomous profile, operational from day one, able to make decisions, mobilize cross-functional teams (Tech, Product, Sales, Ops, Legal, HR) and bring the entire company on board.
Key responsibilities
ISO 27001 program management (12 months)
Define and own the certification roadmap: milestones, deliverables, dependencies, workload plan.
Build and operate the Information Security Management System (ISMS): policies, procedures, Statement of Applicability (SoA), risk treatment plan.
Manage the full audit cycle: internal pre-audit, final certification audit (stages 1 and 2), then annual surveillance and renewal audits. Select and manage the certification body.
Report regularly to the VP IT & Security and the Executive Committee (KPIs / KRIs, progress, blockers).
Risk analysis and management
Conduct and maintain risk assessments on critical assets using a recognized methodology (EBIOS RM, ISO 27005 or equivalent — operational mastery of at least one method is required).
Analyze risks related to AI agents deployed within the company: map use cases, assess risks (data leakage, prompt injection, hallucinations, system access, third-party dependencies), define mitigation measures and associated controls.
Define, track and challenge remediation plans with technical and business teams.
Audit, control and cont...
