Security Compliance Analyst

If youre here its because youre looking for anexciting ride.

A ride that will fuel up your ambitions to take on a new challenge and stretch yourself beyond your comfort zone.

Well deliver a non-vanilla culture built on talent where we work to amplify the impact on millions of people paving the way forward together.

Not your usual app. We are the fastest-growing multi-category app connecting millions of users with businesses and couriers offering on-demand services from more than 170000 local restaurants grocers and supermarkets and high street retail stores. We operate in more than 1500 cities across 23 countries.

Together we revolutionise the way people connect with their everyday needs from delivering essentials to connecting our ecosystem of users through innovative solutions powered by technology. For us every day is filled with purpose.

What makes our ride unique

Our culture and strong values.

Our career development philosophy.

Our commitment to being a force for good.

We have a vision: Building the largest marketplace in your city to give access to anything in minutes. And this is where your ride starts.

YOUR MISSION

Glovo is currently seeking a Security Engineer for the Security GRC team with focus on Compliance to strengthen our organizations security posture and ensure adherence to a rapidly evolving regulatory this role you will be pivotal in managing traditional security frameworks like PCI and ISO. The ideal candidate has a strong background in cybersecurity a keen interest in AI security governance and the ability to translate complex legal requirements into practical actionable security controls.

THE JOURNEY

• Develop implement and maintain security policies and procedures in line with relevant compliance frameworks (e.g. ISO 27001 NIST SOC 2 GDPR NIS2).
• Build and maintain the control matrix in alignment with multiple compliance frameworks and standards ensuring a clear mapping of controls to requirements.
• Implement processes and tools for continuous monitoring of security controls and compliance metrics to ensure ongoing adherence to policies.
• Lead the end-to-end security certification and re-certification process (such as PCI DSS ISO 27001 NIS2 among others).
• Conduct internal assessments to identify gaps weaknesses or non-compliance issues within our security controls. Support external audits by preparing documentation and coordinating with auditors.
• Create and maintain comprehensive documentation for all compliance-related activities including audit findings risk assessments and remediation efforts. Prepare regular reports for management on the status of our security posture.
• Coordinate and respond to customer security inquiries and due diligence questionnaires (e.g. SIG CAIQ). Review and provide input on contract modifications related to security data protection and privacy.
• Serve as a key liaison between technical teams legal internal audit and business units to ensure a unified approach to security and compliance
• Assist in developing and delivering security awareness programs to educate employees on best practices and compliance requirements.

Assist in assessing security risks recommending and implementing mitigation strategies maintaining a risk register and monitoring the status of remediation plans.

WHAT YOU WILL BRING TO THE RIDE

• BA/BS in Computer Science Information Systems or similar field.
• Professional security certifications (CISSP CISM CISA ISO 27001 Lead Implementer or equivalent).
• Minimum 5 years of experience in the field or in a related area.
• Solid understanding and previous experience of security control frameworks (NIST PCI DSS GDRP ISO 27001 NIS2)
• Hands-on experience with GRC platforms (e.g. RSA Archer SAP GRC StandardFusion ServiceNow OneTrust etc).
• Strong ability to manage and report on multiple projects prioritizing efforts managing time effectively and requiring minimal direction in the execution.
• Proven problem solving analytical and investigative skills combined with the ability to develop creative solutions and navigate through ambiguity in a fast-paced agile environment.
• Proven team player collaborating well with others to tackle problems in a team-focused dynamic.
• Excellent written and communications skills as well as strong interpersonal and relationship building skills.
• Experience with compliance in cloud environments (AWS Azure GCP) and knowledge of frameworks like the Cloud Controls Matrix (CCM).

Nice to have:

• Development skills to automate integrations or processes (e.g. python).
• Experience with developing documenting and testing Business Continuity Plans (BCP) and Disaster Recovery (DR) plans.
• Working knowledge of the EU AI Act including its risk-based approach and requirements for high-risk and general-purpose AI models. Familiarity with AI security threats and relevant frameworks (NIST AI RMF MITRE ATLAS).

Individuals representing diverse profiles and abilities encompassing various genders ethnicities and backgrounds are less likely to apply for this role if they do not possess solid experience in 100% of these areas. Even if it seems you dont meet our musts dont let it stop you we are all about finding the best talent out there! Skills can be learned and embracing diversity is invaluable.

We believe driven talent deserves:

• An enticing equity plan that lets you own a piece of the action.
• Top-notch private health insurance to keep you at your peak.
• Monthly Glovo credit to satisfy your cravings!
• Discounts on transportation food and even kindergarten expenses.
• Discounted gym memberships to keep you energized.
• Extra time off the freedom to work from home two days a week and the opportunity to work from anywhere for up to three weeks a year!
• Enhanced parental leave and office-based nursery.
• Online therapy and wellbeing benefits to ensure your mental well-being.

Here at Glovo we thrive on diversity we believe it enhances our teams products and culture. We know that the best ideas come from a mashup of brilliant diverse minds. This is why we are committed to providing equal opportunities to talent from all backgrounds - all genders racial/diverse backgrounds abilities ages sexual orientations and all other unique characteristics that make you YOU. We will encourage you to bring your authentic self to work fostering an inclusive environment where everyone feels heard.

Feel free to note your pronouns in your application (e.g. she/her/hers he/him/his they/them/theirs etc).

So ready to take the wheel and make this the ride of your life

Delve into our culture by taking a peek at our Instagram and check out our Linkedin and website!