Governance Risk & Compliance Lead

Italy

2-5 years experience

Summary:

Manage and improve the Information Security Management System (ISMS) while overseeing internal and external audits for ISO 27001 and SOC 2. The role also involves managing risk assessments, third-party risk, and supporting ESG sustainability reporting.

About XTEL:

At XTEL, we excel in understanding large FMCG players. As a leading software provider of sales automation solutions for the Consumer Goods Industry worldwide, our mission is to partner with our customers to unlock growth through smart investment and optimize their promotional plans.

Position Overview:

XTEL is looking for a GRC Analyst who is driven, curious, and eager to grow. You’ll work directly with the Director of Information Assurance to help build and scale a forward-thinking and efficient security & compliance program. This isn’t a check-the-box compliance role: we’re looking for someone who wants to reimagine how GRC is done and isn’t afraid to roll up their sleeves to make it happen.

Key Responsibilities:

· Manage the ongoing operation and improvement of XTEL’s ISMS.

· Draft, review, and maintain security & compliance policies, standards, and procedures, ensuring they meet evolving compliance requirements and business needs.

· Manage internal and external audits (ISO 27001, SOC 2).

· Monitor compliance obligations across frameworks including ISO 27001, SOC 2, SOC 1/ISAE 3402, GDPR, and NIS2.

· Own risk assessments and treatment plans.

· Manage our Third-Party Risk Management (TPRM) program, evaluating vendors on evidence rather than just sending out lengthy questionnaires.

· Assist with client security questionnaires, RFPs, and due diligence requests.

· Support ESG initiatives by collecting, analyzing, and reporting on sustainability metrics, including greenhouse gas emissions and energy usage, to meet investor and stakeholder requirements.

· Assist in responding to customer RFPs and inquiries related to ESG, ensuring alignment with sustainability goals and regulatory frameworks.

· Collaborate with stakeholders across IT, Product, Engineering, HR, etc. to implement security controls.

· Continuously look for ways to automate, streamline, and modernize how we manage compliance and security operations.

· Contribute to incident response and BCP/DRP planning and testing.

Qualifications:

· You have 4+ years of experience in compliance or risk management roles, ideally in B2B SaaS environments.

· You have hands on experience with ISO 27001 and SOC 2, and have experience directly managing these types of audits.

· You are comfortable working on multiple concurrent projects and, to an extent, wearing multiple hats. For example, managing an internal ESG assessment while in parallel supporting XTEL during its external ISO 27001 audit, and still staying on top of your day-to-day GRC tasks (following up on controls, reviewing policies, responding to customer security questions, etc.).

· You think of GRC as more than just documentation and spreadsheets – you see it as a system to be optimized and improved with technology.

· You’ve managed ISMS operations and understand what makes policies and procedures useful.

· You've managed risk assessments.

· You have an advanced level of spoken and written English.

Nice to have:

· Experience using GRC platforms such as Drata, Vanta, Secureframe, etc.

· Experience within Microsoft 365 and Azure environments.

· Experience with automation, low-code tools, or scripting to improve workflows and documentation processes.

Personal Attributes:

· You’re motivated, adaptable, and eager to learn.

· You’re organized, self-directed, and thrive in environments where you can take ownership.

Geographical Location:

· EU

· Open to remote or hybrid work arrangements

What We Offer:

· Hybrid or fully remote working set-up; 🏡

· Flexible working hours; ⌚

· Competitive salary package and bonus scheme; 💸

· A challenging role in a fast-growing AI-driven company; 🪄

· A diverse and international team with strong ownership and a can-do mentality; 🌏

· Opportunities to contribute meaningfully to the organization’s growth and development. 🚀

Equal Opportunities Statement:

If you have strengths to share, we’d love to hear from you. We value diverse backgrounds and experiences, so don’t hesitate to apply even if you don’t meet all criteria.

XTEL is an equal opportunity employer and values diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment.
