Group Security Specialist

Group Security Specialist (GRC)

We are seeking a Group Security Specialist to join our team. Reporting to the Group IT Security Officer, you’ll collaborate with key stakeholders across Europe and the US, with occasional travel (up to 20%) required for on-site support.

This role focuses on Governance, Risk & Compliance within information security. While not a technical IT/Cybersecurity position, a solid understanding of IT and cybersecurity principles is essential.

Key Responsibilities:

Governance & Policies

• Support the Information Security Management System, including tools, documentation, and trackers.
• Develop and implement Group-level policies; assist Business Units in adapting them locally.
• Collect governance metrics, including monthly Cyber KPIs and bi-annual assessments.
• Manage third-party security vendor programs.
• Build strong relationships with IT, Legal, HR, and other stakeholders.

Risk Mitigation

• Evaluate and recommend security controls.
• Assist in reducing risks, addressing operational issues, and managing incidents.
• Conduct Business Impact Analysis and Cyber Risk Assessments.
• Support security awareness initiatives.

Compliance

• Lead internal compliance and audit processes (ISO27001, KRITIS, SOX).
• Ensure external stakeholder assurance, including customer/supplier cybersecurity requests.
• Monitor evolving security and privacy risks, laws, and regulations.

Candidate Profile:

• Degree in IT, computer science, or information security.
• 3-5 years of experience, with 2-3 years in a similar role.
• Familiar with ISO 27001, NIST 800-53, or CIS Controls.
• Knowledgeable in global data protection laws, especially EU, UK & US.
• High-level understanding of security domains (network, IAM, application security).
• Consulting experience is a plus.
• Strong analytical skills, problem-solving mindset, and the ability to work independently and in global teams.