
IT Security Compliance Lead

EcoVadis

Warsaw, Masovian Voivodeship, Poland Remote permanent

Posted: May 26, 2026


Quick Summary

Work smart, have fun and make an impact! This is a key role for an IT Security Compliance Lead at EcoVadis, where you'll be working with a global team to analyze data and build sustainability scorecards that help companies improve their environmental, social, and ethical performance.

Job Description

Work smart, have fun and make an impact!

EcoVadis is the leading provider of business sustainability ratings. Our solutions are backed by an international team of experts and powerful technology. We analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social and ethical risks.

Why apply to EcoVadis? Be a part of the global sustainability change in business. Grow your career. Work with extraordinary people. Feel valued for your contribution.

Learn more about our team and culture on the EcoVadis careers page.

At EcoVadis, robust security and regulatory compliance are essential for protecting our assets and maintaining customer trust. We are seeking a results-oriented IT Security Compliance Lead to act as a core expert in ensuring organizational adherence to global IT compliance standards and regulatory mandates.

This high-impact role requires an expert to lead, design, and continuously enhance our IT Compliance program, focusing on regulatory alignment, elevating the organization's security posture, and improving overall security maturity. You will drive continuous improvement across our IT security processes and ensure we meet evolving regulatory and customer needs.

Key Responsibilities:

• Lead and Maintain the IT Compliance Program:

• Create, author, develop and implement a comprehensive GRC strategy, including policies, procedures, and security requirements that align with industry best practices and regulatory requirements.

• Deploy, maintain and continuously develop a proprietary consolidated control framework that is consistent with the organization's compliance requirements and needs, including mapping controls to facilitate the easy adoption of regulatory changes and updates.

• Conduct IT compliance gap assessments and work with control owners to identify, evaluate, and prioritize remediation actions in accordance with the organization’s risk acceptance criteria.

• Collaborate with subject matter experts and management to develop and implement corrective action plans and control improvements to address identified compliance gaps and mitigate IT risks.

• Collaborate with Product teams to ensure "Compliance-by-Design," providing requirements and highlighting security risks during the discovery phase of new features and improvements.

• Maintain and suggest improvements to the security maturity of the organization, including creating and maintaining a security maturity assessment framework and managing the tracking of associated improvement actions.

• Ensure Regulatory and Industry Standards Compliance:

• Stay abreast of relevant laws, regulations, security frameworks and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2, ...), and work towards ensuring the organization's compliance with them.

• Promote awareness of applicable laws and regulations towards employees and upper management.

• Conduct regular audits and assessments to monitor compliance and identify areas of improvement.

• Be an active participant in third party audits, including leading them to support IT Security needs, when applicable.

• Support Business Processes:

• Perform deep-dive analysis and author technical responses for security questionnaires, translating complex internal security controls into customized client-facing documentation.

• Support the review of security clauses in contracts and provide expert analysis of them, drafting customized security requirements for clients and suppliers.

• Participate in client meetings to address cybersecurity and regulatory compliance concerns and requirements.

• Conduct and document security reviews of SaaS applications, producing original compliance assessment reports and designing mitigation recommendations.

• Support in maintaining a Security Trust Center or similar customer-facing resources.

• Provide Strategic Guidance:

• Serve as a main point of contact for senior management and stakeholders on regulatory and IT compliance matters, creating strategic advisory materials detailing the impact of compliance initiatives on business decisions.

• Develop and maintain strong relationships with key stakeholders across the organization.

• Deliver IT Compliance Reporting:

• Develop, support and maintain key performance indicators (KPI) for the IT Compliance function.

• Gather, analyze and report on security metrics and compliance status.

• Prepare and design customized presentations and reports to senior management on the status of the IT Compliance program and audit readiness status.

• Implement AI-Powered Compliance Operations:

• Lead the practical adoption of Generative AI tools (LLMs, AI Agents) to automate evidence collection, draft security policies, and summarize regulatory changes, significantly increasing team efficiency for IT Compliance deliverables.

Note: This job description is intended to provide a general overview of the position. It is not intended to be an exhaustive list of duties and responsibilities.

• 5+ years of experience in GRC positions.
• Exceptional ability to build stakeholder relationships and translate technical risks into business impact.
• Ability to align and guide peers/junior staff through influence and technical authority, rather than formal people management.
• High degree of autonomy and the ability to drive complex GRC projects independently from inception to completion.
• Strong understanding of GRC frameworks, methodologies, and best practices.
• Knowledge of relevant laws, regulations, and industry standards, and openness to exploring other national-led frameworks that may be applicable to the organization.
• Hands-on experience creating and leading information security compliance programs based on multiple standards or regulations (e.g. ISO 27001, SOC 2, etc.).
• Practical experience using AI to streamline compliance workflows and an understanding of the risks associated with AI adoption.
• Strong analytical and problem-solving skills, with the ability to assess risks and develop effective control measures.
• Ability to conduct research about areas unknown to him/her, and use that knowledge to deliver security guidelines and propose improvements.
• Hands-on experience with Google Workspace is a plus.
• Fluent written and spoken English.

• Offer available only for candidates eligible to work and live in Poland

• Location: Hybrid in Warsaw (4 days per month in the office) / Full remote from Poland


In return for your expertise, we offer:

• Support with all the necessary office and IT equipment

• Flexible working hours

• Wellness allowance for mental and physical wellbeing

• Access to professional mental health support

• Referral bonus policy

• Learning and development 

• Sustainability events and community involvement

• Peer recognition program

• Employee-led resource groups

• Optional (fully covered or co-financed) health care and life insurance

• Multisport card

• Multikafeteria

• Lunch card

• Hybrid work organization

• Remote work from abroad policy

• Internet and Electricity bill allowance

• Additional day for community service when volunteering

Our hiring team looks forward to reviewing your CV, in English, with a guaranteed response to every application. A new job with purpose awaits you!

Don’t fit all the criteria but still think you’d be a good candidate? Please apply anyway to give our hiring team the opportunity to assess your skills and to learn more about what you could bring to EcoVadis. We’re interested in hiring capable people, regardless of professional and educational background.

Can the hiring process be adjusted to suit my needs? Yes. We want everyone going through the hiring process with EcoVadis to feel confident that you are able to demonstrate your full potential. We welcome applications from disabled people, people with long-term health conditions, and neurodiverse candidates. If you need any adjustments, including the provision of interview questions, please let the hiring team know.

Our team’s strength comes from everyone’s uniqueness and is founded upon mutual respect. EcoVadis commits to equity, inclusion and reducing bias in our hiring processes. EcoVadis does not accept any form of discrimination based on color, national or ethnic origin, ancestry, citizenship, religion, beliefs, age, sex, gender identity, sexual orientation, neurodiversity, disability, parental status, or any other protected characteristic that makes you unique. In your application, we encourage you to remove personal information such as: photographs, marital status, number of children, religion, gender, residential postal code, university graduation date, past medical or parental leave(s) taken, nationality (instead, please state if you are legally eligible to work in the job region/country), university name (instead, please state any degrees obtained and the study major).
