
Senior Governance, Risk, and Compliance (GRC) Specialist
Posted 6 days ago

This is a fully remote position, open to applicants in Spain.
• Take ownership and lead compliance programs and audit processes (SOC 2, PCI DSS, GDPR, HIPAA/HITECH) from the planning phase to successful completion.
• Facilitate evidence collection, documentation, and audit preparedness, ensuring high-quality and timely outcomes.
• Serve as the primary contact for external auditors, customers, and prospects regarding security and compliance issues.
• Lead security conversations with enterprise clients, including in-depth reviews and security questionnaires.
• Manage internal and external assessments across systems, services, and teams.
• Oversee and enhance the Third-Party Risk Management program, ensuring the security compliance of vendors and partners is monitored effectively.
• Maintain, improve, and expand security controls and compliance processes throughout the organization.
• Collaborate with engineering and product teams to convert compliance requirements into actionable implementations.
• Monitor and drive remediation efforts, ensuring accountability and timely resolution of issues.
• Generate and present audit and compliance reports to internal stakeholders and leadership.
• Act as a strategic advisor by fostering security awareness and staying informed about evolving regulatory and compliance trends.
• 6+ years of experience in Information Security, Governance Risk & Compliance (GRC), Audit, or Risk Management.
• Extensive hands-on experience with frameworks such as SOC 2, PCI DSS, GDPR, HIPAA/HITECH.
• Demonstrated experience in owning and leading audits and compliance initiatives.
• Experience with cloud-based and distributed systems, preferably AWS.
• Strong project and stakeholder management abilities, capable of juggling multiple initiatives simultaneously.
• Excellent analytical and problem-solving skills, with a focus on finding solutions.
• Capacity to convey complex security and compliance concepts in clear documentation and accessible language.
• Strong communication abilities, engaging effectively with both technical teams and external stakeholders.
• A high level of curiosity, adaptability, and proactive ownership in addressing evolving security challenges.
• Exceptional written and spoken English skills.
• Nice to Have: Familiarity with ISO/IEC 27001 and ISO/IEC 42001, along with relevant certifications like CISA, CISM, CRISC, CISSP, ISO/IEC 27001 Lead Auditor, ISO/IEC 42001 Lead Auditor.
• A fast-growing, high-impact environment where you can implement significant improvements in security and compliance.
• A high degree of ownership, autonomy, and influence.
• A collaborative and mission-driven culture.
• Opportunities for team events, offsites, and travel.
• Complimentary gym membership (with an enjoyable commitment to utilize it!).
• A diverse international team (18+ languages, 11+ nationalities).