Senior IT Security Compliance Specialist

EcoVadis is the leading provider of business sustainability ratings. Their solutions are backed by an international team of experts and powerful technology. They analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social, and ethical risks.

• 5+ years of experience in GRC positions.
• Exceptional ability to build stakeholder relationships and translate technical risks into business impact.
• Ability to guide peers/junior staff through influence and technical authority.
• High degree of autonomy to drive complex GRC projects independently.
• Strong understanding of GRC frameworks, methodologies, and best practices.
• Knowledge of relevant laws, regulations, and industry standards.
• Hands-on experience creating and leading information security compliance programs based on multiple standards or regulations (e.g. ISO 27001, SOC2).
• Practical experience using AI to streamline compliance workflows and understanding associated risks.
• Strong analytical and problem-solving skills.
• Ability to conduct research and deliver security guidelines and improvements.
• Hands-on experience with Google Workspace is a plus.
• Fluent written and spoken English.

Lead and Maintain the IT Compliance Program:

• Create, author, develop and implement a comprehensive GRC strategy, including policies, procedures, and security requirements aligned with industry best practices and regulatory requirements.
• Deploy, maintain and continuously develop a proprietary consolidated control framework consistent with the organization's compliance requirements, including mapping controls for regulatory changes.
• Conduct IT compliance gap assessments and work with control owners to identify, evaluate, and prioritize remediation actions.
• Collaborate with subject matter experts and management to develop and implement corrective action plans and control improvements.
• Collaborate with Product teams to ensure "Compliance-by-Design," providing requirements and highlighting security risks during new feature discovery.
• Maintain and suggest improvements to the security maturity of the organization, including creating and maintaining a security maturity assessment framework.

Ensure Regulatory and Industry Standards Compliance:

• Stay abreast of relevant laws, regulations, security frameworks and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2).
• Promote awareness of applicable laws and regulations to employees and upper management.
• Conduct regular audits and assessments to monitor compliance and identify areas of improvement.
• Participate in third party audits, including leading them to support IT Security needs.

Support Business Processes:

• Perform deep-dive analysis and author technical responses for security questionnaires.
• Support review and provide expert analysis of security clauses in contracts.
• Participate in client meetings to address cybersecurity and regulatory compliance concerns.
• Conduct and document security reviews of SaaS applications, producing compliance assessment reports and mitigation recommendations.
• Support in maintaining a Security Trust Center or similar customer-facing resources.

Provide Strategic Guidance:

• Serve as main point of contact for senior management and stakeholders on regulatory and IT compliance matters.
• Develop and maintain strong relationships with key stakeholders across the organization.

Deliver IT Compliance Reporting:

• Develop, support and maintain key performance indicators (KPI) for the IT Compliance function.
• Gather, analyze and report on security metrics and compliance status.
• Prepare and design customized presentations and reports to senior management on IT Compliance program status and audit readiness.

Implement AI-Powered Compliance Operations:

• Lead adoption of Generative AI tools to automate evidence collection, draft security policies, and summarize regulatory changes, increasing team efficiency.

Offer available only for candidates eligible to work and live in Poland. Location: Hybrid in Warsaw (4 days per month in the office) / Full remote from Poland. EcoVadis commits to equity, inclusion and reducing bias in hiring processes. They welcome applications from disabled people, people with long-term health conditions, and neurodiverse candidates. Applicants are encouraged to remove personal information such as photographs, marital status, number of children, religion, gender, residential postal code, university graduation date, past medical or parental leaves, nationality (instead, state legal eligibility to work), and university name (instead, state degrees and study major).