At EcoVadis, security is a product feature and a primary driver of customer trust and satisfaction. We are seeking a results-oriented IT Security GRC Senior Associate to safeguard our assets and global reputation, and act as a strategic partner to our sales and product teams.
You will lead risk mitigation strategies and ensure compliance with global standards, fostering a culture of security across our organization and partner ecosystem while promoting business acceleration. This is a high-impact opportunity for an expert to design and continuously develop a world-class GRC program that aligns with our strategic goals, removes friction from sales cycles, and exceeds evolving customer expectations and regulatory needs.
Develop and implement the GRC strategy:
- Create, author, develop and implement a comprehensive GRC strategy, including policies, procedures and security requirements that align with industry best practices and regulatory requirements.
- Deploy, maintain and continuously develop a proprietary control framework that is consistent with the organization's compliance requirements and needs.
- Support risk and control assessments, identifying, evaluating and prioritizing potential threats and vulnerabilities.
- Author and conceptualize original risk mitigation plans and corrective actions to address risks effectively.
- Collaborate with Product teams to ensure "Compliance-by-Design," providing requirements and highlighting security risks during the discovery phase of new features and improvements.
Ensure regulatory and industry standards compliance:
- Stay abreast of relevant laws, regulations, security frameworks and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2), and work towards ensuring the organization's compliance with them.
- Promote awareness of applicable laws and regulations among employees and upper management.
- Conduct regular audits and assessments to monitor compliance and identify areas for improvement.
- Take an active part in third-party audits, including leading them on behalf of IT Security.
Support business processes:
- Perform deep-dive analysis and author technical responses to security questionnaires, translating complex internal security controls into customized client-facing documentation.
- Review and provide expert analysis of security clauses in contracts, drafting customized security requirements for clients and suppliers.
- Participate in client meetings to address cybersecurity concerns and requirements.
- Conduct and document security reviews of SaaS applications, producing original risk assessment reports and designing mitigation recommendations.
- Build and maintain a Security Trust Center or similar customer-facing resources.
Provide strategic guidance:
- Become one of the main points of contact for senior management on GRC matters, and create strategic advisory materials and models detailing the impact of GRC initiatives on business decisions.
- Develop and maintain strong relationships with key stakeholders across the organization.
Ensure functional supervision:
- Provide expert guidance and alignment for the GRC team; act as the technical mentor and "quality gatekeeper" for key deliverables, including the security awareness program and third-party risk assessments.
Deliver IT Security reporting:
- Develop, support and maintain key performance indicators (KPIs) for the Security function.
- Gather, analyze and report on security metrics and compliance status.
- Prepare and design customized presentations and reports for senior management on the status of the IT Security program, including key risks, threats and vulnerabilities.
Implement AI-powered GRC operations:
- Lead the practical adoption of generative AI tools (LLMs, AI agents) to automate evidence collection, draft security policies and summarize regulatory changes, significantly increasing team efficiency.
Note: This job description is intended to provide a general overview of the position. It is not intended to be an exhaustive list of duties and responsibilities.