IT Security Specialist - GRC Lead

About IbexaIbexa is a European marketing orchestration platform that empowers organisations to deliver seamless, data-driven customer experiences across the entire digital journey. By unifying content management, customer data, engagement, product information, and interactive data collection capabilities — including solutions such as Qualifio, Raptor, Quable, Actito — Ibexa enables marketing and digital teams to break down silos and orchestrate high-impact, personalised experiences at scale. We are a team of more than 350 professionals across Europe. As Ibexa continues to expand its footprint across Europe and beyond, we are looking for ambitious sales professionals who are eager to help organisations transform their marketing ecosystems and unlock new growth opportunities.About the RoleWe are looking for a GRC Lead to help build, operate, and continuously improve our security governance framework across a growing SaaS organisation.As a key member of the IT Security team, you will own the governance, risk, compliance, and certification dimensions of our security program. You will work closely with Engineering, Infrastructure, Internal IT, HR, Legal, Product, and executive leadership to ensure that security requirements are properly defined, documented, monitored, and evidenced.You will be the primary owner of our ISO 27001 roadmap, risk management framework, security policies, client security questionnaires, and auditor interactions.This role combines strategic thinking, operational execution, stakeholder management, and a pragmatic approach to compliance.What You Will DoGovernance & ComplianceOwn and maintain the company's Information Security Management System (ISMS)Lead the ISO 27001 certification and continuous improvement roadmapDefine, document, and continuously improve security policies, standards, procedures, and controlsEnsure security governance remains aligned with business objectives and regulatory requirementsCoordinate security-related activities with Legal, HR, DPO, Internal IT, Infrastructure, and Product teamsRisk ManagementOwn and maintain the corporate security risk registerFacilitate risk identification, assessment, treatment, and follow-up activitiesDrive remediation planning and ensure appropriate tracking of security actionsSupport management decision-making through risk-based recommendationsClient & External Security InteractionsLead responses to customer security questionnaires and due diligence requestsCoordinate security-related discussions during sales cycles and customer auditsAct as the primary point of contact for external auditors and certification bodiesCoordinate penetration testing engagements and remediation follow-upPrepare security documentation and evidence packages for customers and auditorsSecurity Processes & ReportingDefine and maintain security processes across the organizationCoordinate incident follow-up processes and post-incident action trackingProduce governance dashboards and security reporting for leadershipContribute to KPI definition and measurement frameworksSupport quarterly security committees and executive security reviewsCross-Functional CollaborationWork closely with the Technical Security Lead on security initiativesPartner with Infrastructure, Internal IT, and Engineering teams to ensure compliance requirements are effectively implementedSupport security awareness initiatives and company-wide security programsContribute to the continuous improvement of Technical and Organizational Measures (TOMs)RequirementsWhat we are looking for5+ years in GRC, Information Security, Internal Audit, or a related fieldHands-on experience with ISO 27001, security audits, compliance assessments, and risk managementExperience handling customer security reviews and questionnairesBackground in SaaS, cloud, software, or technology environmentsStrong understanding of information security governance and risk managementFamiliarity with security frameworks such as ISO 27001, SOC 2, and NISTKnowledge of cloud environments, software development, and data privacy principlesSkillsExcellent written communication and documentation skillsFluent in English and FrenchStrong stakeholder management and collaboration abilitiesAbility to translate security requirements into practical business processesDetail-oriented, structured, and effective with both technical and non-technical audiencesAble to challenge constructively while fostering collaborationWhat Success Looks LikeWithin your first year, you willMaintain and continuously improve our ISO 27001 compliance posture and extend scope to entities not covered yetImprove the quality and efficiency of customer security interactionsIncrease visibility of security KPIs and governance reportingStrengthen security processes and evidence management across the organizationBecome a trusted advisor to leadership and operational teams on governance, risk, and compliance mattersWhy Join UsYou will play a central role in shaping the security maturity of a growing software organization. Working directly with the Head of IT and C-level executive and alongside technical security specialists, you will have the opportunity to influence how security is embedded into our products, operations, and culture while helping the company scale in a secure and compliant way.Originally posted on Himalayas