Senior IT Security GRC Specialist

EcoVadis


Job Location:

Warsaw - Poland

Monthly Salary: Not Disclosed
Posted on: 3 hours ago
Vacancies: 1 Vacancy

Department:

Engineering

Job Summary

At EcoVadis, security is a product feature and a primary driver of customer trust and satisfaction. We are seeking a results-oriented IT Security GRC Senior Associate to safeguard our assets and global reputation and to act as a strategic partner to our sales and product teams.

You will lead risk mitigation strategies and ensure compliance with global standards, fostering a culture of security across our organization and partner ecosystem while promoting business acceleration. This is a high-impact opportunity for an expert to design and continuously develop a world-class GRC program that aligns with our strategic goals, removes friction from sales cycles, and exceeds evolving customer expectations and regulatory needs.


Key Responsibilities:

  • Develop and implement GRC Strategy:

    • Create, author, develop and implement a comprehensive GRC strategy, including policies, procedures and security requirements, that aligns with industry best practices and regulatory requirements.

    • Deploy, maintain and continuously develop a proprietary control framework that is consistent with the organization's compliance requirements and needs.

    • Support risk and control assessments, and identify, evaluate and prioritize potential threats and vulnerabilities.

    • Author and conceptualize original risk mitigation plans and corrective actions to address risks effectively.

    • Collaborate with Product teams to ensure Compliance-by-Design, providing requirements and highlighting security risks during the discovery phase of new features and improvements.

  • Ensure Regulatory and Industry Standards Compliance:

    • Stay abreast of relevant laws, regulations, security frameworks and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2, ...) and work towards ensuring the organization's compliance with them.

    • Promote awareness of applicable laws and regulations among employees and upper management.

    • Conduct regular audits and assessments to monitor compliance and identify areas of improvement.

    • Be an active participant in third-party audits, including leading them, to support IT Security needs.

  • Support Business Processes:

    • Perform deep-dive analysis and author technical responses for security questionnaires, translating complex internal security controls into customized client-facing documentation.

    • Review and provide expert analysis of security clauses in contracts, drafting customized security requirements for clients and suppliers.

    • Participate in client meetings to address cybersecurity concerns and requirements.

    • Conduct and document security reviews of SaaS applications, producing original risk assessment reports and designing mitigation recommendations.

    • Build and maintain a Security Trust Center or similar customer-facing resources.

  • Provide Strategic Guidance:

    • Become one of the main points of contact for senior management on GRC matters and create strategic advisory materials/models detailing the impact of GRC initiatives on business decisions.

    • Develop and maintain strong relationships with key stakeholders across the organization.

  • Ensure Functional Supervision:

    • Provide expert guidance and alignment for the GRC team; act as the technical mentor and quality gatekeeper for key deliverables, including the security awareness program and third-party risk assessments.

  • Deliver IT Security Reporting:

    • Develop, support and maintain key performance indicators (KPIs) for the Security function.

    • Gather, analyze and report on security metrics and compliance status.

    • Prepare and design customized presentations and reports for senior management on the status of the IT Security program, including key risks, threats and vulnerabilities.

  • Implement AI-Powered GRC Operations:

    • Lead the practical adoption of Generative AI tools (LLMs, AI agents) to automate evidence collection, draft security policies and summarize regulatory changes, significantly increasing team efficiency.

Note: This job description is intended to provide a general overview of the position. It is not intended to be an exhaustive list of duties and responsibilities.


Qualifications:

Fluent written and spoken English.

5 years of experience in GRC positions.

Exceptional ability to build stakeholder relationships and translate technical risks into business impact.

Ability to align and guide peers/junior staff through influence and technical authority rather than formal people management.

High degree of autonomy and the ability to drive complex GRC projects independently from inception to completion.

Strong understanding of GRC frameworks, methodologies and best practices.

Knowledge of relevant laws, regulations and industry standards, and openness to exploring other national-led frameworks that may be applicable to the organization.

Hands-on experience creating, maintaining and improving compliance programs based on multiple standards or regulations (e.g. ISO 27001, SOC 2, etc.).

Practical experience using AI to streamline compliance workflows, and an understanding of the risks associated with AI adoption.

Strong analytical and problem-solving skills with the ability to assess risks and develop effective control measures.

Ability to research unfamiliar areas and use that knowledge to deliver security guidelines and propose improvements.

Hands-on experience with Google Workspace is a plus.


Additional Information:

  • Offer available only for candidates eligible to work and live in Poland

  • Location: Hybrid in Warsaw (4 days per month in the office) / Full remote from Poland


In return for your expertise we offer:

  • Support with all the necessary office and IT equipment

  • Flexible working hours

  • Wellness allowance for mental and physical wellbeing

  • Access to professional mental health support

  • Referral bonus policy

  • Learning and development

  • Sustainability events and community involvement

  • Peer recognition program

  • Employee-led resource groups

  • Optional (fully covered or co-financed) health care and life insurance

  • Multisport card

  • Multikafeteria

  • Lunch card

  • Hybrid work organization

  • Remote work from abroad policy

  • Internet and Electricity bill allowance

  • Additional day for community service when volunteering


Our hiring team looks forward to reviewing your CV in English with a guaranteed response to every application. A new job with purpose awaits you!

Don't fit all the criteria but still think you'd be a good candidate? Please apply anyway to give our hiring team the opportunity to assess your skills and to learn more about what you could bring to EcoVadis. We're interested in hiring capable people regardless of professional and educational background.

Can the hiring process be adjusted to suit my needs? Yes. We want everyone going through the hiring process with EcoVadis to feel confident that they are able to demonstrate their full potential. We welcome applications from disabled people, people with long-term health conditions and neurodiverse candidates. If you need any adjustments, including the provision of interview questions, please let the hiring team know.

Our team's strength comes from everyone's uniqueness and is founded upon mutual respect. EcoVadis commits to equity, inclusion and reducing bias in our hiring processes. EcoVadis does not accept any form of discrimination based on color, national or ethnic origin, ancestry, citizenship, religion, beliefs, age, sex, gender identity, sexual orientation, neurodiversity, disability, parental status or any other protected characteristic that makes you your application we encourage you to remove personal information such as: photographs, marital status, number of children, religion, gender, residential postal code, university graduation date, past medical or parental leave(s) taken, nationality (instead, please state if you are legally eligible to work in the job region/country), university name (instead, please state any degrees obtained and the study major).


Remote Work:

Yes


Employment Type:

Full-time


About Company


Join us at EcoVadis. Work smart, have fun and make an impact! Our purpose is to guide all companies toward a sustainable world. EcoVadis is the leading provider of business sustainability ratings. Our solutions are backed by an international team of experts and powerful technology. We ...
