Cybersecurity And Management Systems Support Services Position

Cybersecurity And Management Systems Support Services Position
Porto
Porto, Porto District, Portugal

Welcome to Felps Group ?

A community of passionate experts, combining their skills to help your business reach new heights.

? Our Expertise

Felps Group is an alliance of Pure Players made up of four dedicated Squads: Telecom, IT, Cybersecurity, and Change Management.

Each Squad is led by a Captain, an expert in their specific field. These Captains support consultants throughout their journey at Felps, guiding them in choosing the right assignments and training paths.

Our ambition is to foster growth and professional development, enabling our consultants to continuously evolve their careers.

? Our Approach

At Felps Group, the consultant is at the heart of our model and therefore at the centre of everything we do.

The close partnership between the Squad Captain and the Associate Director ensures optimal
- up and support. Thanks to this structure and our expertise, we provide personalised,
- depth, and
- impact guidance to every consultant.

? Diversity & Inclusion

At Felps Group, we firmly believe in the power of diversity and inclusion. We are committed to creating an inclusive working environment where everyone feels respected, supported, and encouraged to contribute fully.

As part of our team, you will join a culture that celebrates diversity in all its forms—age, gender, ethnic background, religion, sexual orientation, gender identity, skills,
- economic background, or any other personal characteristic. We are proud of our commitment to equal opportunities and fairness.

We strongly encourage all qualified candidates, including individuals with recognised disabilities (RQTH), to apply. We are committed to providing a supportive and inclusive work environment and to making reasonable adjustments throughout the recruitment process. If you have specific accessibility needs, please let us know—we will do our best to support you.

We’re Hiring: Cybersecurity and Management Systems Support Services

Hybrid model: 3 days onsite per week in Porto

Project Overview

The objective of this project is to ensure the continuous operation, monitoring, and improvement of the Integrated Management System (IMS) in compliance with ISO 27001, ISO 22301, and ISO 9001 standards.

The role focuses on maintaining audit readiness, strengthening internal processes and controls, and driving continuous improvement across information security, business continuity, and quality management frameworks.

Goals & Scope of Services

Felps Group is engaging a qualified professional to deliver the following services:

1. LOD 1. 5 Execution & Support

• Validate evidence submitted by Level 1 (LOD1) within the internal control tool.
• Assess the implementation, effectiveness, and maturity of LOD1 controls to ensure compliance with ISO and QNRCS standards and continuous improvement.
• Support and coordinate Information Security responses to Level 2 (LOD2) testing activities.
• Identify and propose control improvements in collaboration with control owners and stakeholders.
• Request, implement, and track control improvements within the internal control tool, ensuring full compliance with ISO 27001, ISO 22301, and ISO 9001.

2. Certifications Support

• Support all phases of the certification lifecycle: preparation, operational support,
  - ups, and in-person participation in:
• ISO 27001
• ISO 22301
• ISO 9001
• Digital Seal (Gold Level)
• QNRCS High-Level certifications
• Manage and maintain the certification calendar, ensuring stakeholder alignment and audit preparedness.
• Prepare, collect, and validate audit documentation and evidence.
• Document, support, and follow up on audit and management review outputs, including:
• Non-Conformities (NCs)
• Opportunities for Improvement (OFIs)
• Define action plans with owners and ensure consistent
  - up until closure.
• Implement NCs and OFIs assigned to the ISMS team when required.
• Conduct two internal audits of the IMS:
• One focused on ISO 27001 for specific entities.
• One covering ISO 27001, ISO 22301, ISO 9001, and the Digital Seal (Gold Level).
• Deliver full audit lifecycle activities: planning, execution, reporting, corrective actions, and
  - up.

3. Management Systems Monitoring & Continuous Improvement

• Support preparation and responses to information security questionnaires and assessments from clients, partners, and regulators.
• Monitor, maintain, and continuously improve management systems.
• Prepare and present IMS management reviews.
• Define, improve, and document KPIs;
  
  provide reporting and presentation support.
• Collect and report ISMS KPIs according to
  - defined frequency.
• Maintain and enhance the control register aligned with:
• ISO 27001
• ISO 22301
• ISO 9001
• QNRCS High-Level
• Produce or update IMS documentation within the documentation management system, ensuring annual reviews (approx. 150–200 documents).
• Identify improvements in information security documentation management.
• Provide ongoing consulting support to ensure regulatory compliance and alignment with industry best practices.
• Identify opportunities for process optimisation and risk mitigation across:
• Information Security
• Business Continuity
• Quality Management
• Ensure regular alignment meetings with internal stakeholders and document outcomes.

Expected Deliverables (Non-Exhaustive)

LOD 1. 5 Execution

• Validated LOD1 control evidence with maturity and effectiveness assessments.
• Documented control improvement proposals with defined owners.

? Certifications Support

• Certification preparation packs for all applicable standards.
• Updated certification calendar.
• Audit documentation and evidence packs.
• Documented NCs, OFIs, action plans, and
  - up reports.
• Internal audit plans and audit reports.

Management Systems Monitoring

• Completed security questionnaires with supporting evidence.
• IMS management review materials and presentations.
• ISMS KPI reports.
• Updated control register aligned with all applicable standards.
• Updated and newly created IMS documentation.
• Improvement and optimisation reports.
• Minutes and records from stakeholder alignment meetings.

Required Skills Level

• Certification lifecycle management — Confirmed⭐⭐⭐
• Information Security Management — Expert ⭐⭐⭐⭐
• Internal audit execution — Confirmed ⭐⭐⭐
• Control improvement — Confirmed ⭐⭐⭐
• ISO 27001 compliance — Expert ⭐⭐⭐⭐
• English — Advanced ⭐⭐⭐⭐