
GRC Security Expert
Posted May 10

This is a fully remote position, open to applicants in Greece.
• Define, establish, and implement processes for organizational information security to ensure compliance with business, regulatory, legislative, and contractual obligations.
• Oversee both internal and external ISMS audit procedures, assessing the effectiveness of controls and corrective measures in collaboration with stakeholders throughout the organization.
• Conduct gap analyses, assess compliance readiness, and monitor compliance activities for ISO/IEC 27001, PCI DSS, and other regulatory security audits.
• Coordinate external security audits, assessments, and testing, as well as the development and implementation of remediation plans.
• Identify, evaluate, and monitor information security risks while recommending appropriate mitigation strategies.
• Create content for and manage a comprehensive organizational information security awareness training program.
• Oversee security requirements with third-party vendors, including due diligence for product and service providers and information security clauses in service agreements and contracts.
• Develop, coordinate, and maintain information security policies, procedures, and other security-related documentation.
• Analyze, map, and communicate information security requirements stemming from legislative and regulatory obligations across various jurisdictions.
• Act as project manager/lead for security-related projects.
• Continuously enhance and update knowledge to align with changes in the company's regulatory landscape and requirements.
• Demonstrated experience (3+ years) in the fields of security governance, risk, and compliance.
• Excellent communication skills with the ability to engage professionally with a diverse array of individuals, including executive management, managers, and subject matter experts.
• Strong leadership capabilities, including task delegation, goal-setting, and ensuring objectives are achieved in a timely manner.
• Experience leading PCI DSS, ISO 27001:2022, and SOC/ISAE402 certification and surveillance audits, as well as facilitating information security risk assessments and management processes.
• Bachelor’s Degree in Information Security, Information Assurance, Computer Science, Cybersecurity, Risk Management, or equivalent professional experience.
• Professional certifications such as CISSP/CISM and ISO 27001 Lead Implementer/Auditor or similar credentials.
• A proactive and self-motivated attitude with the ability to work independently within a global security team.
• Proficient written and spoken English skills.
• An initiative-taking and confident approach in the workplace.
• A global scope and inclusive working environment.
• Ongoing opportunities for learning and professional development.
• Support for an active lifestyle and mental well-being.
• Engaging and enjoyable company events.