u/FERPxx

Hi everyone,

I’m a junior professional in data protection and compliance, with strong hands-on experience handling DSRRs and supporting GDPR operations in a multinational environment. I also have some exposure to ISO 27001 and related frameworks.

I’m currently trying to transition into ISO 27001 audit, risk, or information security governance roles, as I’ve been struggling to find opportunities on the purely legal side—and I’ve realized I’m more interested in the practical/operational side than in traditional legal work.

A key motivation is that much of my current work is becoming automated through AI and tools, so I want to move towards more strategic, audit-focused roles with better long-term prospects (my last role was around €1400 net/month).

Given my background, what would you recommend as the most effective path into ISO 27001 auditing or similar roles? Are there specific certifications (e.g., Lead Auditor), types of experience, or technical skills I should prioritize?

I do already have Coursera Plus and money for the CIPP/E certificate.

Thanks a lot for any guidance!

u/FERPxx — 10 days ago