IT Security Compliance Lead
Job Summary
At EcoVadis, robust security and regulatory compliance are essential for protecting our assets and maintaining customer trust. We are seeking a results-oriented IT Security Compliance Lead to act as a core expert in ensuring organizational adherence to global IT compliance standards and regulatory mandates.
This high-impact role requires an expert to lead, design and continuously enhance our IT Compliance program, focusing on regulatory alignment, elevating the organization's security posture and improving overall security maturity. You will drive continuous improvement across our IT security processes and ensure we meet evolving regulatory and customer needs.
Key Responsibilities:
Lead and Maintain the IT Compliance Program:
Create, author, develop and implement a comprehensive GRC strategy, including policies, procedures and security requirements, that aligns with industry best practices and regulatory requirements.
Deploy, maintain and continuously develop a proprietary consolidated control framework that is consistent with the organization's compliance requirements and needs, including mapping controls to facilitate the easy adoption of regulatory changes and updates.
Conduct IT compliance gap assessments and work with control owners to identify, evaluate and prioritize remediation actions in accordance with the organization's risk acceptance criteria.
Collaborate with subject matter experts and management to develop and implement corrective action plans and control improvements that address identified compliance gaps and mitigate IT risks.
Collaborate with Product teams to ensure Compliance-by-Design, providing requirements and highlighting security risks during the discovery phase of new features and improvements.
Maintain and suggest improvements to the security maturity of the organization, including creating and maintaining a security maturity assessment framework and managing the tracking of associated improvement actions.
Ensure Regulatory and Industry Standards Compliance:
Stay abreast of relevant laws, regulations, security frameworks and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2) and work towards ensuring the organization's compliance with them.
Promote awareness of applicable laws and regulations among employees and upper management.
Conduct regular audits and assessments to monitor compliance and identify areas for improvement.
Be an active participant in third-party audits, including leading them in support of IT Security needs when applicable.
Support Business Processes:
Perform deep-dive analysis and author technical responses to security questionnaires, translating complex internal security controls into customized client-facing documentation.
Support the review of, and provide expert analysis on, security clauses in contracts, drafting customized security requirements for clients and suppliers.
Participate in client meetings to address cybersecurity and regulatory compliance concerns and requirements.
Conduct and document security reviews of SaaS applications, producing original compliance assessment reports and designing mitigation recommendations.
Support in maintaining a Security Trust Center or similar customer-facing resources.
Provide Strategic Guidance:
Serve as a main point of contact for senior management and stakeholders on regulatory and IT compliance matters, creating strategic advisory materials that detail the impact of compliance initiatives on business decisions.
Develop and maintain strong relationships with key stakeholders across the organization.
Deliver IT Compliance Reporting:
Develop, support and maintain key performance indicators (KPIs) for the IT Compliance function.
Gather, analyze and report on security metrics and compliance status.
Prepare and design customized presentations and reports for senior management on the status of the IT Compliance program and audit readiness.
Implement AI-Powered Compliance Operations:
Lead the practical adoption of Generative AI tools (LLMs, AI agents) to automate evidence collection, draft security policies and summarize regulatory changes, significantly increasing team efficiency on IT Compliance deliverables.
Note: This job description is intended to provide a general overview of the position. It is not intended to be an exhaustive list of duties and responsibilities.
Qualifications:
- 5 years of experience in GRC positions.
- Exceptional ability to build stakeholder relationships and translate technical risks into business impact.
- Ability to align and guide peers/junior staff through influence and technical authority rather than formal people management.
- High degree of autonomy and the ability to drive complex GRC projects independently from inception to completion.
- Strong understanding of GRC frameworks, methodologies and best practices.
- Knowledge of relevant laws, regulations and industry standards, and openness to exploring other nationally led frameworks that may be applicable to the organization.
- Hands-on experience creating and leading information security compliance programs based on multiple standards or regulations (e.g. ISO 27001, SOC 2).
- Practical experience using AI to streamline compliance workflows and an understanding of the risks associated with AI adoption.
- Strong analytical and problem-solving skills, with the ability to assess risks and develop effective control measures.
- Ability to research unfamiliar areas and use that knowledge to deliver security guidelines and propose improvements.
- Hands-on experience with Google Workspace is a plus.
- Fluent written and spoken English.
Additional Information:
Offer available only for candidates eligible to work and live in Poland
Location: Hybrid in Warsaw (4 days per month in the office) / Full remote from Poland
In return for your expertise, we offer:
Support with all the necessary office and IT equipment
Flexible working hours
Wellness allowance for mental and physical wellbeing
Access to professional mental health support
Referral bonus policy
Learning and development
Sustainability events and community involvement
Peer recognition program
Employee-led resource groups
Optional (fully covered or co-financed) health care and life insurance
Multisport card
Multikafeteria
Lunch card
Hybrid work organization
Remote work from abroad policy
Internet and Electricity bill allowance
Additional day for community service when volunteering
Our hiring team looks forward to reviewing your CV in English with a guaranteed response to every application. A new job with purpose awaits you!
Don't fit all the criteria but still think you'd be a good candidate? Please apply anyway to give our hiring team the opportunity to assess your skills and to learn more about what you could bring to EcoVadis. We're interested in hiring capable people regardless of professional and educational background.
Can the hiring process be adjusted to suit my needs? Yes. We want everyone going through the hiring process with EcoVadis to feel confident that they are able to demonstrate their full potential. We welcome applications from disabled people, people with long-term health conditions and neurodiverse candidates. If you need any adjustments, including the provision of interview questions in advance, please let the hiring team know.
Our team's strength comes from everyone's uniqueness and is founded upon mutual respect. EcoVadis commits to equity, inclusion and reducing bias in our hiring processes. EcoVadis does not accept any form of discrimination based on color, national or ethnic origin, ancestry, citizenship, religion, beliefs, age, sex, gender identity, sexual orientation, neurodiversity, disability, parental status or any other protected characteristic that makes you who you are. When submitting your application, we encourage you to remove personal information such as: photographs, marital status, number of children, religion, gender, residential postal code, university graduation date, past medical or parental leave(s) taken, nationality (instead, please state whether you are legally eligible to work in the job region/country) and university name (instead, please state any degrees obtained and the study major).
Remote Work: Yes
Employment Type: Full-time
About Company
Join us at EcoVadis. Work smart, have fun and make an impact! Our purpose is to guide all companies toward a sustainable world. EcoVadis is the leading provider of business sustainability ratings. Our solutions are backed by an international team of experts and powerful technology. We ...