
Senior Governance, Risk, and Compliance Specialist
Posted May 9

This is a fully remote position, open to applicants in Estonia.
• Take charge of and oversee compliance initiatives and audit operations (SOC 2, PCI DSS, GDPR, HIPAA/HITECH) from the planning stage through to successful execution.
• Facilitate the collection of evidence and documentation and ensure audit preparedness, delivering high-quality results in a timely manner.
• Serve as the main point of contact for external auditors, clients, and potential customers regarding security and compliance issues.
• Lead security discussions with enterprise clients, including in-depth reviews and responses to security questionnaires.
• Manage internal and external evaluations across various systems, services, and teams.
• Own and enhance the Third-Party Risk Management program, overseeing and monitoring the security compliance of vendors and partners.
• Maintain, improve, and expand security controls and compliance practices throughout the organization.
• Collaborate with engineering and product teams to convert compliance requirements into actionable implementations.
• Monitor and drive remediation actions, ensuring accountability and prompt resolution.
• Generate and present audit and compliance reports to internal stakeholders and leadership.
• Act as a strategic consultant by fostering security awareness and keeping ahead of changing regulatory and compliance trends.
• Minimum of 6 years of experience in Information Security, Governance Risk & Compliance (GRC), Audit, or Risk Management.
• Significant hands-on experience with frameworks such as SOC 2, PCI DSS, GDPR, HIPAA/HITECH.
• Demonstrated experience in managing and leading audits and compliance projects.
• Familiarity with cloud-based and distributed systems (preferably AWS).
• Strong project and stakeholder management capabilities, able to handle multiple initiatives simultaneously.
• Excellent analytical and problem-solving abilities, with a focus on solutions.
• Capacity to translate intricate security and compliance concepts into clear documentation and business-friendly terminology.
• Strong communication skills, with experience engaging both technical teams and external stakeholders.
• High curiosity, adaptability, and proactive ownership in addressing evolving security challenges.
• Exceptional written and spoken English skills.
• An environment that is rapidly growing and impactful, where you can make significant contributions to security and compliance improvements.
• A high degree of ownership, autonomy, and influence.
• A collaborative and mission-driven culture.
• Opportunities for team events, offsites, and travel.
• Complimentary gym membership (with a fun commitment to utilize it!).
• A diverse international team speaking over 18 languages and representing more than 11 nationalities.