IT Security Compliance Lead

EcoVadis is the leading provider of business sustainability ratings. Their solutions are backed by an international team of experts and powerful technology. They analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social, and ethical risks.

• 5+ years of experience in GRC positions.
• Exceptional ability to build stakeholder relationships and translate technical risks into business impact.
• Ability to guide peers/junior staff through influence and technical authority.
• High degree of autonomy to drive complex GRC projects independently.
• Strong understanding of GRC frameworks, methodologies, and best practices.
• Knowledge of relevant laws, regulations, and industry standards; open to exploring other national-led frameworks.
• Hands-on experience creating and leading information security compliance programs based on multiple standards or regulations (e.g. ISO 27001, SOC2).
• Practical experience using AI to streamline compliance workflows and understanding associated risks.
• Strong analytical and problem-solving skills.
• Ability to research unknown areas and deliver security guidelines and improvements.
• Hands-on experience with Google Workspace is a plus.
• Fluent written and spoken English.

Lead and Maintain the IT Compliance Program:

• Create, author, develop and implement a comprehensive GRC strategy, including policies, procedures, and security requirements aligned with industry best practices and regulatory requirements.
• Deploy, maintain and continuously develop a proprietary consolidated control framework consistent with the organization's compliance requirements, including mapping controls for regulatory changes.
• Conduct IT compliance gap assessments and work with control owners to identify, evaluate, and prioritize remediation actions.
• Collaborate with subject matter experts and management to develop and implement corrective action plans and control improvements.
• Collaborate with Product teams to ensure "Compliance-by-Design," providing requirements and highlighting security risks during new feature discovery.
• Maintain and suggest improvements to the organization's security maturity, including creating and maintaining a security maturity assessment framework.

Ensure Regulatory and Industry Standards Compliance:

• Stay abreast of relevant laws, regulations, security frameworks and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2).
• Promote awareness of applicable laws and regulations to employees and upper management.
• Conduct regular audits and assessments to monitor compliance and identify areas for improvement.
• Participate and lead third party audits to support IT Security needs.

Support Business Processes:

• Perform deep-dive analysis and author technical responses for security questionnaires.
• Review and provide expert analysis of security clauses in contracts, drafting customized security requirements.
• Participate in client meetings to address cybersecurity and regulatory compliance concerns.
• Conduct and document security reviews of SaaS applications, producing compliance assessment reports and mitigation recommendations.
• Support maintenance of a Security Trust Center or similar customer-facing resources.

Provide Strategic Guidance:

• Serve as main contact for senior management and stakeholders on regulatory and IT compliance matters.
• Develop and maintain strong relationships with key stakeholders.

Deliver IT Compliance Reporting:

• Develop, support and maintain KPIs for the IT Compliance function.
• Gather, analyze and report on security metrics and compliance status.
• Prepare customized presentations and reports to senior management on IT Compliance program status and audit readiness.

Implement AI-Powered Compliance Operations:

• Lead adoption of Generative AI tools to automate evidence collection, draft security policies, and summarize regulatory changes, increasing team efficiency.

Offer available only for candidates eligible to work and live in Poland.