We are looking for a Security and Compliance Specialist to take ownership of our day-to-day security governance and compliance operations. This role supports ISO 27001, DORA readiness, the EU Data Act, customer security expectations, and our internal ISMS.
Responsibilities
- Operate, maintain, and continuously improve the Information Security Management System (ISMS).
- Monitor and track risk assessments, treatment plans, and ongoing control performance.
- Coordinate internal audits, management reviews, and quarterly control checks.
- Assist with incident response preparation, documentation, communication flows, and tabletop exercises.
- Support IT with vulnerability management, follow-ups, remediation tracking, and reporting.
- Prepare, organize, and maintain evidence for security frameworks (CIS, ISO 27001, etc.); ensure all controls remain audit-ready.
- Coordinate external audits and certification activities.
- Help maintain security and privacy documentation (policies, standards, procedures, guidelines).
- Support GDPR responsibilities, including:
  - Maintaining the Record of Processing Activities (ROPA)
  - Assisting with DPIA reviews
  - Tracking privacy risks and mitigation measures
  - Ensuring data retention, access, and deletion procedures are well-implemented
- Support alignment with DORA and EU Data Act requirements as they evolve.
- Ensure documentation, evidence, and processes remain aligned with EU regulatory expectations.
- Help complete customer security questionnaires, due-diligence requests, and technical security responses.
- Maintain and operate the vendor risk management lifecycle: intake, screening, reviews, assessments, approvals, and periodic recertifications.
- Track third-party contracts to ensure security, privacy, and data-processing terms remain compliant.
- Assist the CIO and IT in validating data transfer mechanisms and subprocessors.
- Collaborate with IT to maintain data asset inventories and data flow records across environments.
- Support data governance documentation related to access, portability, transparency, and the data lifecycle.
- Assist with updates required by EU Data Act obligations (access rights, interoperability, data sharing).
- Support data classification efforts and help ensure data handling aligns with policy.
- Work with IT and engineering on corrective actions, findings, and continuous improvements.
- Act as a central coordination point for security-related projects, evidence gathering, and readiness activities.
- Provide support during customer escalations, compliance reviews, or security discussions.
- Help cultivate a strong internal culture of security and privacy awareness.
Benefits
- Full-time job with a competitive salary package
- Tools & flexibility to develop yourself successfully
- International environment where you will interact with motivated & open colleagues from different backgrounds
- Workplace where you can share and implement your ideas
- Hybrid work policy, which helps guarantee an excellent work-life balance