About The Position

At EcoVadis, security is a product feature and a primary driver of customer trust and satisfaction. We are seeking a results-oriented IT Security GRC Senior Associate to safeguard our assets and global reputation, and act as a strategic partner to our sales and product teams. You will lead risk mitigation strategies and ensure compliance with global standards, fostering a culture of security across our organization and partner ecosystem, while promoting business acceleration. This is a high-impact opportunity for an expert to design and continuously develop a world-class GRC program that aligns with our strategic goals, removes friction from sales cycles, and exceeds the evolving customer expectations and regulatory needs.

Requirements

  • Fluent written and spoken English.
  • 5+ years of experience in GRC positions.
  • Exceptional ability to build stakeholder relationships and translate technical risks into business impact.
  • Ability to align and guide peers/junior staff through influence and technical authority, rather than formal people management.
  • High degree of autonomy and the ability to drive complex GRC projects independently from inception to completion.
  • Strong understanding of GRC frameworks, methodologies, and best practices.
  • Knowledge of relevant laws, regulations, and industry standards, and openness to exploring other national frameworks that may apply to the organization.
  • Hands-on experience creating, maintaining and improving compliance programs based on multiple standards or regulations (e.g. ISO 27001, SOC 2, etc.).
  • Practical experience using AI to streamline compliance workflows and an understanding of the risks associated with AI adoption.
  • Strong analytical and problem-solving skills, with the ability to assess risks and develop effective control measures.
  • Ability to research unfamiliar areas and use that knowledge to deliver security guidelines and propose improvements.

Nice To Haves

  • Hands-on experience with Google Workspace is a plus.

Responsibilities

  • Develop and implement GRC Strategy: Create, author, develop and implement a comprehensive GRC strategy, including policies, procedures, and security requirements that align with industry best practices and regulatory requirements.
  • Deploy, maintain and continuously develop a proprietary control framework that is consistent with the organization’s compliance requirements and needs.
  • Support risk and control assessments, identifying, evaluating, and prioritizing potential threats and vulnerabilities.
  • Author and conceptualize original risk mitigation plans and corrective actions to address risks effectively.
  • Collaborate with Product teams to ensure "Compliance-by-Design," providing requirements and highlighting security risks during the discovery phase of new features and improvements.
  • Ensure Regulatory and Industry Standards Compliance: Stay abreast of relevant laws, regulations, security frameworks and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2, etc.), and work towards ensuring the organization’s compliance with them.
  • Promote awareness of applicable laws and regulations towards employees and upper management.
  • Conduct regular audits and assessments to monitor compliance and identify areas of improvement.
  • Be an active participant in third-party audits, including leading them to support IT Security needs.
  • Support Business Processes: Perform deep-dive analysis and author technical responses for security questionnaires, translating complex internal security controls into customized client-facing documentation.
  • Review and provide expert analysis of security clauses in contracts, drafting customized security requirements for clients and suppliers.
  • Participate in client meetings to address cybersecurity concerns and requirements.
  • Conduct and document security reviews of SaaS applications, producing original risk assessment reports and designing mitigation recommendations.
  • Build and maintain a Security Trust Center or similar customer-facing resources.
  • Provide Strategic Guidance: Become one of the main points of contact for senior management on GRC matters, and create strategic advisory materials/models detailing the impact of GRC initiatives on business decisions.
  • Develop and maintain strong relationships with key stakeholders across the organization.
  • Ensure Functional Supervision: Provide expert guidance and alignment for the GRC team; act as the technical mentor and "quality gatekeeper" for key deliverables, including the security awareness program and third-party risk assessments.
  • Deliver IT Security Reporting: Develop, support and maintain key performance indicators (KPI) for the Security function.
  • Gather, analyze and report on security metrics and compliance status.
  • Prepare and design customized presentations and reports to senior management on the status of the IT Security program, including key risks, threats, and vulnerabilities.
  • Implement AI-Powered GRC Operations: Lead the practical adoption of Generative AI tools (LLMs, AI Agents) to automate evidence collection, draft security policies, and summarize regulatory changes, significantly increasing team efficiency.

Benefits

  • Support with all the necessary office and IT equipment
  • Flexible working hours
  • Wellness allowance for mental and physical wellbeing
  • Access to professional mental health support
  • Referral bonus policy
  • Learning and development
  • Sustainability events and community involvement
  • Peer recognition program
  • Optional (fully covered or co-financed) health care and life insurance
  • Multisport card
  • Multikafeteria
  • Lunch card
  • Hybrid work organization
  • Remote work from abroad policy
  • Internet and Electricity bill allowance
  • Additional day for community service when volunteering
© 2024 Teal Labs, Inc