The Cyber Security team is looking for a highly motivated GRC Specialist to join our team and take ownership of our Governance, Risk & Compliance program.
In this role, you'll work closely with the CISO and cross-functional teams to embed security and compliance into everything we do, enabling the business to scale securely while meeting regulatory and customer expectations.
This is a high-impact position for someone who thrives in dynamic environments and wants to build, improve, and influence how security is managed across the organization.
What will you be doing:
Own and lead the organization's Governance, Risk & Compliance (GRC) program
Report to the CISO to define and execute a GRC strategy aligned with business objectives and risk appetite
Develop, implement, and maintain security policies, standards, and procedures aligned with industry best practices and regulatory requirements
Lead and manage risk assessment processes across cybersecurity, IT, third-party, and operational domains
Maintain and actively manage the risk register, ensuring risks are identified, prioritized, tracked, and remediated
Drive and manage compliance programs (e.g., ISO 27001, NIST, CIS, GDPR), ensuring continuous audit readiness
Lead internal and external audits end-to-end, including evidence collection, auditor coordination, and remediation tracking
Manage third-party risk (TPRM), including vendor security assessments, questionnaires, and ongoing monitoring
Support product and engineering teams by integrating security and compliance requirements into new features and systems
Build and deliver risk and compliance reporting, including dashboards, KPIs, and executive-level insights
Translate technical risks into clear, business-relevant communication for leadership and stakeholders
Drive security awareness initiatives and promote a security-first culture across the organization
Requirements:
5+ years of experience in GRC, information security, risk management and compliance roles
Hands-on experience with security audits and certifications such as ISO 27001 and/or SOC 2
Strong understanding of risk management frameworks (e.g., NIST CSF, ISO 27001, CIS)
Experience managing third-party/vendor risk programs
Knowledge of data privacy and regulatory requirements (e.g., GDPR)
Familiarity with GRC platforms and compliance automation tools
Understanding of cloud environments (AWS, Azure, or GCP) and general security practices (infrastructure, application, and IT security)
Ability to manage multiple audit and compliance workstreams simultaneously with strong attention to detail
Experience with security tools and IT systems (advantage)
Familiarity with automation and/or AI-driven GRC processes (advantage)
Ability to think critically about emerging risks, including AI and evolving regulatory landscapes (advantage)
This position is open to all candidates.