We are seeking a Senior Governance, Risk & Compliance (GRC) to support the development, implementation, and monitoring of the company's governance, risk management, and compliance programs. The role requires strong knowledge of legal and regulatory requirements, excellent English communication skills, and the ability to work with cross-functional teams, auditors, and regulators.
Key Responsibilities:
1. Governance & Compliance
- Develop, review, and maintain policies, procedures, and standards in alignment with legal, regulatory, corporation standards and industry requirements
- Ensure compliance with applicable laws, regulations and standards (e.g. data protection, cybersecurity, information security, corporate governance,...)
- Monitor regulatory changes, assess their impact on the organization and update related document
- Lead and coordinate internal and external audits (e.g. ISO 27001/27017/27018, SOC 2, SOX, PCI DSS), track remediation actions
2. Risk Management
- Identify, assess, and document operational, legal, compliance, and technology risks
- Support risk assessments, risk treatment plans, and ongoing risk monitoring
- Maintain risk registers and compliance evidence repositories
3. Legal & Contractual Support
- Work closely with legal and internal team on legal compliance matters
- Review contracts, vendor agreements, and third-party risk documentation from a compliance and risk perspective
- Support vendor risk assessments and compliance due diligence
4. Communication & Stakeholder Management
- Communicate effectively in English, both written and verbal, with internal teams, auditors, partners, and regulators
- Prepare clear compliance reports, audit responses, and management presentations
- Provide compliance awareness and training to employees
Required Qualifications:
- Bachelor's degree in Law, Information Security, Computer Science, Engineering, Mathematics, Business Administration or a related field
- 3+ years of experience in GRC, audit, legal compliance, or regulatory roles
- Strong knowledge of legal and regulatory frameworks, preferably in technology, cloud, or financial services environments
- Excellent English communication skills (written and spoken)
- Strong documentation, analysis, and stakeholder/cross-team coordination skills
Preferred Qualifications:
- Experience with standards and frameworks such as ISO 27001/27017/27018, SOC 2, SOX, PCI DSS, CCM, or NIST
- Professional certifications (preferred but not required): CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or similar
- Experience working with external auditors, regulators, or legal advisors
- Knowledge of technology and cloud environments is an advantage
Key Skills:
- Governance & compliance management
- Legal and regulatory analysis
- Risk assessment and mitigation
- Policy and procedure writing
- Strong attention to detail
- Professional English communication
- Able to work both independently and as part of a team
- Proactive in learning, researching, and updating new knowledge
- A strong automation-oriented mindset, with experience driving efficiency through tooling and process automation
