NoFluffJobs Remote work Senior New

Senior IT Security GRC Specialist

EcoVadis

⚲ Warsaw

19 000 - 24 000 PLN (PERMANENT)

Requirements

  • Security

Job description

About the project:

At EcoVadis, security is a product feature and a primary driver of customer trust and satisfaction. We are seeking a results-oriented IT Security GRC Senior Associate to safeguard our assets and global reputation, and act as a strategic partner to our sales and product teams. You will lead risk mitigation strategies and ensure compliance with global standards, fostering a culture of security across our organization and partner ecosystem, while promoting business acceleration. This is a high-impact opportunity for an expert to design and continuously develop a world-class GRC program that aligns with our strategic goals, removes friction from sales cycles, and exceeds the evolving customer expectations and regulatory needs.

Additional Information

  • Offer available only for candidates eligible to work and live in Poland
  • Location: Hybrid in Warsaw (4 days per month in the office) / Full remote from Poland

In return for your expertise, we offer:

  • Support with all the necessary office and IT equipment
  • Flexible working hours
  • Wellness allowance for mental and physical wellbeing
  • Access to professional mental health support
  • Referral bonus policy
  • Learning and development
  • Sustainability events and community involvement
  • Peer recognition program
  • Employee-led resource groups
  • Optional (fully covered or co-financed) health care and life insurance
  • Multisport card
  • Multikafeteria
  • Lunch card
  • Hybrid work organization
  • Remote work from abroad policy
  • Internet and Electricity bill allowance
  • Additional day for community service when volunteering

Requirements:

  • Fluent written and spoken English.
  • 5+ years of experience in GRC positions.
  • Exceptional ability to build stakeholder relationships and translate technical risks into business impact.
  • Ability to align and guide peers/junior staff through influence and technical authority, rather than formal people management.
  • High degree of autonomy and the ability to drive complex GRC projects independently from inception to completion.
  • Strong understanding of GRC frameworks, methodologies, and best practices.
  • Knowledge of relevant laws, regulations, and industry standards, and open to explore other national-led frameworks that may be applicable to the organization.
  • Hands-on experience creating, maintaining and improving compliance programs based on multiple standards or regulations (e.g. ISO 27001, SOC2, etc.)
  • Practical experience using AI to streamline compliance workflows and an understanding of the risks associated with AI adoption.
  • Strong analytical and problem-solving skills, with the ability to assess risks and develop effective control measures.
  • Ability to conduct research about areas unknown to him/her, and use that knowledge to deliver security guidelines and propose improvements.
  • Hands-on experience with Google Workspace is a plus.

Daily tasks:

  • Develop and implement GRC strategy
  • Ensure Regulatory and Industry Standards Compliance
  • Support Business Processes
  • Provide Strategic Guidance
  • Ensure Functional Supervision
  • Deliver IT Security Reporting
  • Implement AI-Powered GRC Operations

Note: This job description is intended to provide a general overview of the position. It is not intended to be an exhaustive list of duties and responsibilities.