GRC Assessor
Link Group
Remote
20 160 - 33 600 PLN (B2B)
Requirements
- GRC
- Security
- IAM
- Cloud
- Azure
- Amazon Web Services
- Web Services
- Google Cloud Platform
- Testing
- ISO (nice to have)
- IEC (nice to have)
Job description

About the project:
We are looking for an experienced GRC Assessor to support a post go-live security assessment following the transition of ICT managed services to a new service provider. This role focuses on evaluating the effectiveness of implemented security controls in a live environment. It is a non-assurance, point-in-time assessment, requiring a strong ability to review operational evidence rather than perform technical testing or design reviews.

The ideal candidate brings hands-on experience in operational security reviews, particularly within managed services or regulated environments, and is comfortable working with documentation, logs, and governance processes.

Requirements:
- Proven experience in GRC, IT security assessments, or operational risk reviews.
- Experience performing post-go-live / post-implementation reviews in managed services or regulated environments (e.g., public sector, finance, healthcare).
- Strong understanding of security control domains, including:
  - Identity & Access Management (IAM)
  - Security Operations / Monitoring (SOC)
  - Incident Response
  - Vulnerability and Patch Management
  - Backup & Recovery
  - Change and Configuration Management
- Experience working with cloud and hybrid environments, including:
  - Microsoft Azure
  - Amazon Web Services
  - Google Cloud Platform
- Ability to perform evidence-based assessments (not penetration testing or deep technical validation).
- Strong analytical skills and attention to detail.
- Experience in stakeholder communication and reporting.

Compliance & Framework Knowledge
- Familiarity with security frameworks and regulations at a governance and control effectiveness level, including:
  - ISO/IEC 27001
  - NIS2 Directive
  - General Data Protection Regulation

Daily tasks:
- Perform post-implementation security assessments to evaluate the effectiveness of operational controls after service transition.
- Review and analyze evidence-based artifacts, including logs, tickets, access records, incident reports, and change records.
- Assess risks related to service transition and inherited controls, including access provisioning/revocation, logging continuity, and knowledge transfer.
- Evaluate governance and operational effectiveness across key security domains.
- Identify gaps, risks, and improvement areas, and provide actionable recommendations.
- Collaborate with stakeholders across security, IT, and service providers to validate findings and ensure alignment.
- Prepare clear and structured assessment reports for management and key stakeholders.