GRC Specialist
About the job
What we are looking for
We are seeking a highly autonomous and analytically strong Security Governance, Risk & Compliance Specialist with proven experience in conducting comprehensive Risk Analysis using both ISO methodologies (ISO/IEC 27005, ISO 31000, ISO/IEC 27001 Annex A) and European risk assessment frameworks such as the ITSRM methodology.
The ideal candidate will be able to independently evaluate complex risk scenarios, propose structured mitigation strategies, and support the strengthening of our clients' security posture across IT, cloud, and medical environments, ensuring alignment with industry best practices, international standards, and EU regulatory frameworks.
Responsibilities
- Independently execute end-to-end Risk Analysis activities, applying ISO/IEC 27005, ISO 31000 and ISO/IEC 27001 Annex A methodologies and European approaches (e.g., ITSRM), ensuring traceable, repeatable and evidence-based assessments
- Identify and classify assets, threats, vulnerabilities and impacts
- Define actionable Risk Treatment and Mitigation Plans
- Maintain structured risk registers, reporting dashboards, statements of applicability (SOA) considerations and documentation supporting governance
- Develop, draft and maintain IT Security Plans, including security requirements, architectural security considerations, and process security baselines aligned with organizational and regulatory needs
- Provide guidance on Secure Software Development Lifecycle (SSDLC) practices, including threat modelling, secure coding, vulnerability management workflows and DevSecOps integrations
- Collaborate with engineering, development, operations, infrastructure, IT security and compliance teams to integrate risk-based decision-making across processes and projects
- Apply cybersecurity governance principles in AI-driven medical environments, understanding regulatory constraints, security-critical requirements, medical device ecosystem interactions and operational risks
- Prepare high-quality technical documentation, reports, summaries, and executive briefing materials, ensuring communication clarity across both technical and business stakeholders
Required qualifications and skills
- Bachelor's degree in a STEM field or Master's degree in the cybersecurity field preferred
- 5+ years of experience in Security Governance, Risk & Compliance or IT Security
- Demonstrated ability to independently conduct structured Risk Assessment and Risk Management activities
- Strong knowledge of:
  - ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27005, ISO 31000
  - ITSRM or other European cybersecurity risk methodologies
  - Governance, compliance and European risk frameworks
- Understanding of Secure Development practices and SSDLC principles
- Ability to draft, structure and maintain IT Security Plans and security documentation
- Familiarity with IT environments and cybersecurity challenges in medical/healthcare ecosystems
- Knowledge of GDPR, NIS2, the AI Act and related EU regulations, with particular focus on the ITSRM methodology