Senior GRC Analyst
HelloFresh
⚲ Warszawa
278 000 - 400 000 PLN net (B2B)
Requirements
- IT Security
Job description
Work with HelloFresh in Warsaw and its HelloTech organisation, HelloFresh’s global technology backbone with more than 1000 people, building the digital products that power our end-to-end food experience. From meal kits and ready-to-eat meals to specialty offerings like pet food and premium meat & seafood, HelloTech creates the platforms that bring tailored food solutions to millions of customers every month. Our subscription-based, direct-to-consumer model relies on technology at every step, from customer-facing apps and personalization logic to pricing, forecasting, supply chain optimization, and initiatives that help reduce food waste.

While our brands operate independently to serve distinct customer needs, they are united by shared platforms, data, and operational excellence built by HelloTech. HelloTech works in autonomous, cross-functional alliances, each owning a specific product or domain end to end. By working with our Warsaw office, you will help shape scalable, data-driven products used across our markets, working with a modern tech stack and international teams to continuously improve how people discover, order, and enjoy HelloFresh’s products, today and in the future.

About the role: What's in the Box

The service provider will contribute to the Governance, Risk & Compliance (GRC) function within HelloTech, focusing on the implementation and maintenance of information security compliance and certification programs. This engagement involves providing specialized services to ensure alignment between technical systems and global regulatory frameworks, supporting data protection initiatives, and managing third-party vendor risk assessments to safeguard the HelloFresh ecosystem.

What you’ll do: The Recipe

• Lead end-to-end compliance readiness for NIS2 and provide alignment services across key frameworks including PCI DSS, CSRD, ISO/SOC, and the EU AI Act.
• Plan and execute internal control assessments and coordinate external compliance audits on a defined cadence.
• Translate regulatory requirements into practical controls and drive cross-functional implementation across international technical units.
• Manage remediation processes by tracking findings, evidence, and deadlines, providing regular status reports to primary stakeholders.
• Enhance GRC maturity through continuous monitoring, comprehensive documentation, and technical guidance for other contributors.
• Evaluate and validate the design and operational effectiveness of security policies, standards, and internal controls to mitigate compliance risk.
• Develop accurate technical reports and presentations regarding the compliance landscape for executive and technical stakeholders.

What you’ll bring: The Ingredients

• 3+ years of experience delivering compliance services in a corporate environment focused on IT General Controls (ITGC), SOC 2, ISO 27001, PCI DSS, and EU NIS2.
• Profound knowledge of data privacy directives including GDPR and CCPA/CPRA.
• Proven ability to interpret complex compliance regulations and map them to specific system implementations and security frameworks.
• Experience supporting third-party risk management programs and data privacy operations.
• Expertise in developing and executing security awareness initiatives and technical training modules.
• Strong organizational skills with the ability to provide services independently in a high-growth environment.
• Prior experience providing services within SaaS environments, specifically involving Cloud and AWS infrastructure.
• Industry certifications such as CISA, CISM, or CISSP are highly regarded.

Above all, we are looking for individuals who will make HelloFresh better. We believe there are many different ways of developing skills and we love diverse experiences! So even if you don’t “tick all the boxes” but think you’d thrive in this role, we would really like to learn more about you.

What we offer: The Toppings

• Global collaboration at scale: Collaborate with experienced engineers and product partners across HelloTech’s international teams, in a culture of active knowledge sharing.
• Technology with real-world impact: Build and operate modern systems at global scale, supporting 6+ million customers and complex supply chain operations.
• Technical/Product/Design leadership: Drive best practices and influence architecture/design, quality, and ways of working in an autonomous, product-led setup.
• End-to-end development/delivery: Drive decisions from problem definition to production, improving systems and enabling long-term scalability.
• Access to workspace at Warsaw Centre Point. The hub offers modern facilities including showers, breakout zones, outdoor space, cycle parking, and refreshments (coffee, soft drinks, and fruit).

Are you the missing ingredient? If this sounds like a tasty opportunity, we’d be excited to hear from you. We aim to review your profile and respond within 5 business days.