Governance, Risk and Compliance (GRC) Specialist
Warsaw, Poland
EcoVadis
Confidently manage value chain risk & compliance, build performance for net-zero & sustainability targets, drive value & impact: The universal sustainability ratings & intelligence suite.
Company Description
Work smart, have fun and make an impact!
Our purpose is to guide all companies toward a sustainable world. EcoVadis is the leading provider of business sustainability ratings. Our solutions are backed by an international team of experts and powerful technology. We analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social and ethical risks.
Why apply to EcoVadis?
Be a part of the global sustainability change in business. Grow your career. Work with extraordinary people. Feel valued for your contribution.
Learn more about our team and culture on EcoVadis careers page
If you have questions about the company or open roles you can Chat with an insider
Job Description
Our IT Security team is looking for a GRC Specialist to lead our organization's efforts to achieve and maintain SOC 2 compliance, as well as promoting the adoption of our internal IT Security Framework, based on NIST 800-53.
As a GRC Specialist, you will act as the internal subject matter expert on SOC 2 Compliance, providing guidance, advice, and support to teams across the organization so that they achieve alignment with our framework.
You will have the opportunity to make a significant impact and contribute to the overall success of our company.
This role will include the following responsibilities:
- Develop and implement a comprehensive security control framework:
- Define and advise on the adequate scope for SOC 2 compliance and establish project plans, timelines, and objectives;
- Conduct compliance assessments and identify control gaps, develop and drive strategies and action plans to address them;
- Create and maintain policies, procedures, and documentation necessary to facilitate alignment with our internal IT Security Framework;
- Contribute to the development and implementation of the IT Security Framework (e.g. control mapping to other frameworks, adding controls to the framework as required, attribute definition, ensuring remediation of gaps, etc.).
- Lead the SOC 2 audit process:
- Serve as the primary point of contact for external auditors and coordinate all audit-related activities;
- Prepare and review documentation, evidence, and artifacts required for the audit;
- Collaborate with internal stakeholders to ensure audit readiness and facilitate the successful completion of the audit.
- Drive continuous improvement:
- Stay up to date with the latest industry standards, regulations, and best practices related to SOC 2 compliance and/or other relevant IT compliance frameworks;
- Conduct regular reviews and assessments to identify opportunities for process improvements and enhanced security measures;
- Develop and deliver training programs to educate employees on IT Security compliance requirements and best practices.
- Monitor and report on compliance status:
- Establish monitoring mechanisms and conduct regular internal audits to ensure ongoing compliance with our internal framework, and especially with SOC 2 requirements;
- Generate reports and metrics to provide visibility into compliance status and communicate progress to senior management and relevant stakeholders;
- Identify and escalate any compliance issues, vulnerabilities, or incidents, and recommend remediation actions.
Qualifications
- A minimum of 3 years' experience in a similar role, leading SOC 2 compliance and security control compliance efforts in an agile, technology-driven environment;
- Strong knowledge and understanding of SOC 2 requirements and related frameworks;
- Familiarity with industry standards and best practices, such as ISO 27001, NIST 800-53, and knowing how to map similar requirements between multiple standards into an aggregated list of controls;
- Ability to recognize, analyze and document deficiencies, articulate those deficiencies to the stakeholders, and provide recommendations to remediate them;
- Experience in control testing: knowing how to obtain the information needed to conduct testing and how to judge whether the evidence received from a control owner/stakeholder is sufficient for internal assessment and audit purposes;
- Hands-on experience leading SOC 2 audits and ensuring the quality of the deliverables is according to our expectations;
- Excellent communication and interpersonal skills, with the ability to collaborate effectively across departments and present complex information to both technical and non-technical audiences;
- Strong analytical and problem-solving skills, with the ability to assess risks and develop effective control measures;
- Ability to work independently;
- Professional certifications (e.g. CISA, CISSP, CISM, CompTIA Security+);
- Ability to conduct research about unfamiliar areas and use that knowledge to deliver security guidelines and propose improvements;
- Open to work in an international, multilingual environment;
- Proficient in English (oral and written);
- Hands-on experience with Google Workspace is a plus.
Additional Information
Location: Warsaw / Remote in Poland
Start date: ASAP
Contract: B2B or CoE
Everyone at EcoVadis contributes to a culture of trust, respect and empowerment. Our growing team in Poland is full of talented professionals from various sectors who all share a desire to make an impact. We offer competitive salaries and support personal growth from day one with extensive onboarding, mentoring and a brand new e-learning platform bursting with courses and modules so you can learn new skills and fine-tune old ones.
Benefits:
- Support with all the necessary office and IT equipment
- Optional (fully covered or co-financed) health care and life insurance
- Multisport card and wellness allowance
- Multicafeteria Lunch card
- Annual performance bonus
- Flexible working hours
- Hybrid/ full remote work
- Remote work from abroad policy
- Internet and Electricity bill allowance
- CSR activities
- Modern, pet-friendly office in the city center (next to Rondo ONZ)
- Community service day when volunteering
Our hiring team looks forward to reviewing your CV, in English, with a guaranteed response to every application. A new job with purpose awaits you!
Don’t fit all the criteria but still think you’d be a good candidate? Please apply anyway to give our hiring team the opportunity to assess your skills and to learn more about what you could bring to EcoVadis. We’re interested in hiring capable people, regardless of professional and educational background.
Can the hiring process be adjusted to suit my needs? Yes. We want everyone going through the hiring process with EcoVadis to feel confident that you are able to demonstrate your full potential. We welcome applications from disabled people, people with long-term health conditions, and neurodiverse candidates. If you need any adjustments, including the provision of interview questions, please let the hiring team know.
Our team’s strength comes from everyone’s uniqueness and is founded upon mutual respect. EcoVadis commits to equity, inclusion and reducing bias in our hiring processes. EcoVadis does not accept any form of discrimination based on color, national or ethnic origin, ancestry, citizenship, religion, beliefs, age, sex, gender identity, sexual orientation, neurodiversity, disability, parental status, or any other protected characteristic that makes you unique. In your application, we encourage you to remove personal information such as: photographs, marital status, number of children, religion, gender, residential postal code, university graduation date, past medical or parental leave(s) taken, nationality (instead, please state if you are legally eligible to work in the job region/country), university name (instead, please state any degrees obtained and the study major).