Senior IT Security GRC Specialist


🕒 April 21



EcoVadis

1001 - 5000 employees

Founded 2007

☁️ SaaS

📋 Compliance

🏢 Enterprise

💰 Secondary Market on 2022-11


EcoVadis is a SaaS company that offers sustainability intelligence solutions for companies of any size and industry, focused on managing ESG risk, compliance, and corporate sustainability goals. The platform provides services like sustainability ratings, risk mapping, carbon management, and due diligence to help companies improve their sustainability performance. EcoVadis covers over 180 countries and 220 industries, offering detailed insights to support supply chain sustainability and compliance with global regulations. The company also provides resources such as the EcoVadis Learning Academy to help companies meet specific sustainability targets, including net-zero carbon goals. EcoVadis serves a broad range of industries, including finance, pharmaceuticals, consumer goods, and more.

📋 Description

• Develop and implement GRC Strategy: Create, author, develop and implement a comprehensive GRC strategy, which includes policies, procedures, and security requirements that align with industry best practices and regulatory requirements.
• Deploy, maintain and continuously develop a proprietary control framework that is consistent with the organization’s compliance requirements and needs.
• Support in conducting risk and control assessments, and identify, evaluate, and prioritize potential threats and vulnerabilities.
• Author and conceptualize original risk mitigation plans and corrective actions to address risks effectively.
• Collaborate with Product teams to ensure "Compliance-by-Design," providing requirements and highlighting security risks during the discovery phase of new features and improvements.
• Ensure Regulatory and Industry Standards Compliance: Stay abreast of relevant laws, regulations, security frameworks and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2, ...), and work towards ensuring the organization’s compliance with them.
• Promote awareness of applicable laws and regulations towards employees and upper management.
• Conduct regular audits and assessments to monitor compliance and identify areas of improvement.
• Be an active participant in third-party audits, including leading them to support IT Security needs.
• Support Business Processes: Perform deep-dive analysis and author technical responses for security questionnaires, translating complex internal security controls into customized client-facing documentation.
• Review and provide expert analysis of security clauses in contracts, drafting customized security requirements for clients and suppliers.
• Participate in client meetings to address cybersecurity concerns and requirements.
• Conduct and document security reviews of SaaS applications, producing original risk assessment reports and designing mitigation recommendations.
• Build and maintain a Security Trust Center or similar customer-facing resources.
• Provide Strategic Guidance: Become one of the main points of contact for senior management on GRC matters, and create strategic advisory materials/models detailing the impact of GRC initiatives on business decisions.
• Develop and maintain strong relationships with key stakeholders across the organization.
• Ensure Functional Supervision: Provide expert guidance and alignment for the GRC team; act as the technical mentor and "quality gatekeeper" for key deliverables, including the security awareness program and third-party risk assessments.
• Deliver IT Security Reporting: Develop, support and maintain key performance indicators (KPIs) for the Security function. Gather, analyze and report on security metrics and compliance status. Prepare and design customized presentations and reports to senior management on the status of the IT Security program, including key risks, threats, and vulnerabilities.
• Implement AI-Powered GRC Operations: Lead the practical adoption of Generative AI tools (LLMs, AI Agents) to automate evidence collection, draft security policies, and summarize regulatory changes, significantly increasing team efficiency.

🎯 Requirements

• Fluent written and spoken English.
• 5+ years of experience in GRC positions.
• Exceptional ability to build stakeholder relationships and translate technical risks into business impact.
• Ability to align and guide peers/junior staff through influence and technical authority, rather than formal people management.
• High degree of autonomy and the ability to drive complex GRC projects independently from inception to completion.
• Strong understanding of GRC frameworks, methodologies, and best practices.
• Knowledge of relevant laws, regulations, and industry standards, and openness to exploring other national-led frameworks that may be applicable to the organization.
• Hands-on experience creating, maintaining and improving compliance programs based on multiple standards or regulations (e.g. ISO 27001, SOC 2, etc.).
• Practical experience using AI to streamline compliance workflows and an understanding of the risks associated with AI adoption.
• Strong analytical and problem-solving skills, with the ability to assess risks and develop effective control measures.
• Ability to conduct research about unfamiliar areas, and use that knowledge to deliver security guidelines and propose improvements.
• Hands-on experience with Google Workspace is a plus.

🏖️ Benefits

• Support with all the necessary office and IT equipment
• Flexible working hours
• Wellness allowance for mental and physical wellbeing
• Access to professional mental health support
• Referral bonus policy
• Learning and development
• Sustainability events and community involvement
• Peer recognition program
• Employee-led resource groups
• Optional (fully covered or co-financed) health care and life insurance
• Multisport card
• Multikafeteria
• Lunch card
• Hybrid work organization
• Remote work from abroad policy
• Internet and electricity bill allowance
• Additional day for community service when volunteering
