Remote Senior Security Analyst (GRC)

Description:

• The Senior Security Analyst (GRC) will report to the Director of Enterprise Technology in the Security (Enterprise Technology) team.
• The primary purpose of this role is to help ensure the organization’s security posture is robust, compliant, and aligned with industry best practices.
• Responsibilities include developing and maintaining a comprehensive GRC framework, conducting risk assessments, advising on effective IT controls, and driving continuous improvement in security measures.
• The role requires a good understanding of technical and organizational security concepts and their impact on the company.
• The analyst must have proven experience in developing and managing GRC and IT control frameworks such as NIST and CIS.
• The ability to identify security risks in systems and business processes and lead projects to implement long-term solutions is essential.
• Strong communication skills are necessary to effectively present security risks and compliance status to management.
• Experience with security standards and regulations such as NIS2, PCI-DSS, GDPR, and SOX is required.
• A proactive attitude in contributing to team culture, enhancing collaboration and feedback is important.
• Conversational-level English language skills are required for business-wide communications.

Requirements:

• A good understanding of technical and organizational security concepts and their impact on the company is essential.
• Proven experience in developing and managing GRC and IT control frameworks, such as NIST and CIS, is required.
• The candidate must be able to identify security risks in systems and business processes and lead projects to implement long-term solutions.
• Strong communication skills are necessary to effectively present security risks and compliance status to management.
• Experience with security standards and regulations such as NIS2, PCI-DSS, GDPR, and SOX is required.
• A proactive attitude in contributing to team culture, enhancing collaboration and feedback is essential.
• Conversational-level English language skills are mandatory for effective communication within the company.
• Experience with GRC automation tools like OneTrust, ServiceNow, or RSA Archer is preferred.
• Relevant certifications such as CISSP, CISM, CISA, or CRISC are advantageous.

Benefits:

• Flexible working hours and fully remote opportunities within your country are offered.
• A holiday allowance of 26 days plus public holidays is provided.
• Access to tools and resources that support professional development is available.
• The opportunity to be part of the world’s fastest-growing beauty marketplace is included.