We are looking for a GRC Lead to own and scale our Governance, Risk, and Compliance function within a fast‑growing product company. This is a key role responsible for ensuring compliance with SOX, ISO 27001, and GDPR, while enabling the business to move fast in a secure and controlled way.
You will act as the main driver of our compliance strategy, working cross‑functionally with Engineering, Security, Legal, Finance, and Product teams.
What you will do
* Own and lead the company’s GRC strategy across SOX, ISO 27001, and GDPR
* Design, implement, and maintain SOX control frameworks, including documentation, testing, and audit readiness
* Build and manage the Information Security Management System (ISMS) aligned with ISO 2001
* Ensure GDPR compliance across all data processing activities, including data mapping, DPIAs, and privacy controls
* Lead internal and external audits, acting as the primary point of contact for auditors
* Identify compliance gaps and drive remediation plans with technical and non‑technical teams
* Develop governance policies, procedures, and risk management frameworks
* Partner closely with Engineering and Security teams to embed controls into systems and SDLC processes
* Monitor regulatory and compliance changes and translate them into actionable requirements
Requirements
* 8+ years of experience in GRC, Risk, Compliance, or IT Audit roles
* Strong hands‑on experience with SOX compliance programs (design, testing, audit coordination)
* Solid knowledge of ISO 2001 and experience managing or supporting ISMS implementation
* Practical experience with GDPR in a product or corporate environment
* Experience working with internal and external auditors
* Strong stakeholder management and communication skills across technical and non‑technical teamsAbility to translate regulatory requirements into scalable business processes
* Fluent English
Nice to have
* Experience in SaaS or product‑led companies
* Experience in Big 4 (Deloitte, EY, PwC, KPMG) or similar audit environments
* Familiarity with cloud environments (AWS, GCP, Azure)
* Security certifications (CISA, CISM, ISO 2001 Lead Implementer/Auditor)
#J-18808-Ljbffr