Senior IT Security GRC Specialist

  • Full-time

Company Description

Work smart, have fun and make an impact!

EcoVadis is the leading provider of business sustainability ratings. Our solutions are backed by an international team of experts and powerful technology. We analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social and ethical risks.

Why apply to EcoVadis? Be a part of the global sustainability change in business. Grow your career. Work with extraordinary people. Feel valued for your contribution.

Learn more about our team and culture on EcoVadis careers page.

Job Description

At EcoVadis, security is a product feature and a primary driver of customer trust and satisfaction. We are seeking a results-oriented IT Security GRC Senior Associate to safeguard our assets and global reputation, and act as a strategic partner to our sales and product teams.

You will lead risk mitigation strategies and ensure compliance with global standards, fostering a culture of security across our organization and partner ecosystem, while promoting business acceleration. This is a high-impact opportunity for an expert to design and continuously develop a world-class GRC program that aligns with our strategic goals, removes friction from sales cycles, and exceeds the evolving customer expectations and regulatory needs.


Key Responsibilities:

  • Develop and implement GRC Strategy:

    • Create, author, develop and implement a comprehensive GRC strategy, including policies, procedures and security requirements that align with industry best practices and regulatory requirements.

    • Deploy, maintain and continuously develop a proprietary control framework that is consistent with the organization’s compliance requirements and needs.

    • Support in conducting risk and control assessments, and identify, evaluate, and prioritize potential threats and vulnerabilities.

    • Author and conceptualize original risk mitigation plans and corrective actions to address risks effectively.

    • Collaborate with Product teams to ensure "Compliance-by-Design," providing requirements and highlighting security risks during the discovery phase of new features and improvements.

  • Ensure Regulatory and Industry Standards Compliance:

    • Stay abreast of relevant laws, regulations, security frameworks and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2, ...), and work towards ensuring the organization’s compliance with them.

    • Promote awareness of applicable laws and regulations towards employees and upper management.

    • Conduct regular audits and assessments to monitor compliance and identify areas of improvement.

    • Be an active participant in third party audits, including leading them to support IT Security needs.

  • Support Business Processes:

    • Perform deep-dive analysis and author technical responses for security questionnaires, translating complex internal security controls into customized client-facing documentation.

    • Review and provide expert analysis of security clauses in contracts, drafting customized security requirements for clients and suppliers.

    • Participate in client meetings to address cybersecurity concerns and requirements.

    • Conduct and document security reviews of SaaS applications, producing original risk assessment reports and designing mitigation recommendations.

    • Build and maintain a Security Trust Center or similar customer-facing resources.

  • Provide Strategic Guidance:

    • Become one of the main points of contact for senior management on GRC matters, and create strategic advisory materials/models detailing the impact of GRC initiatives on business decisions.

    • Develop and maintain strong relationships with key stakeholders across the organization.

  • Ensure Functional Supervision:

    • Provide expert guidance and alignment for the GRC team; act as the technical mentor and "quality gatekeeper" for key deliverables, including security awareness program and third-party risk assessments.

  • Deliver IT Security Reporting:

    • Develop, support and maintain key performance indicators (KPI) for the Security function.

    • Gather, analyze and report on security metrics and compliance status.

    • Prepare and design customized presentations and reports to senior management on the status of the IT Security program, including key risks, threats, and vulnerabilities.

  • Implement AI-Powered GRC Operations:

    • Lead the practical adoption of Generative AI tools (LLMs, AI Agents) to automate evidence collection, draft security policies, and summarize regulatory changes, significantly increasing team efficiency.

Note: This job description is intended to provide a general overview of the position. It is not intended to be an exhaustive list of duties and responsibilities.

Qualifications

  • Fluent written and spoken English.

  • 5+ years of experience in GRC positions.

  • Exceptional ability to build stakeholder relationships and translate technical risks into business impact.

  • Ability to align and guide peers/junior staff through influence and technical authority, rather than formal people management.

  • High degree of autonomy and the ability to drive complex GRC projects independently from inception to completion.

  • Strong understanding of GRC frameworks, methodologies, and best practices.

  • Knowledge of relevant laws, regulations, and industry standards, and openness to exploring other national-led frameworks that may be applicable to the organization.

  • Hands-on experience creating, maintaining and improving compliance programs based on multiple standards or regulations (e.g. ISO 27001, SOC 2, etc.).

  • Practical experience using AI to streamline compliance workflows and an understanding of the risks associated with AI adoption.

  • Strong analytical and problem-solving skills, with the ability to assess risks and develop effective control measures.

  • Ability to conduct research about unfamiliar areas, and use that knowledge to deliver security guidelines and propose improvements.

  • Hands-on experience with Google Workspace is a plus.

Additional Information

  • Offer available only for candidates eligible to work and live in Poland

  • Location: Hybrid in Warsaw (4 days per month in the office) / Full remote from Poland


In return for your expertise, we offer:

  • Support with all the necessary office and IT equipment

  • Flexible working hours

  • Wellness allowance for mental and physical wellbeing

  • Access to professional mental health support

  • Referral bonus policy

  • Learning and development

  • Sustainability events and community involvement

  • Peer recognition program

  • Employee-led resource groups

  • Optional (fully covered or co-financed) health care and life insurance

  • Multisport card

  • Multikafeteria

  • Lunch card

  • Hybrid work organization

  • Remote work from abroad policy

  • Internet and Electricity bill allowance

  • Additional day for community service when volunteering

Our hiring team looks forward to reviewing your CV, in English, with a guaranteed response to every application. A new job with purpose awaits you!

Don’t fit all the criteria but still think you’d be a good candidate? Please apply anyway to give our hiring team the opportunity to assess your skills and to learn more about what you could bring to EcoVadis. We’re interested in hiring capable people, regardless of professional and educational background.

Can the hiring process be adjusted to suit my needs? Yes. We want everyone going through the hiring process with EcoVadis to feel confident that you are able to demonstrate your full potential. We welcome applications from disabled people, people with long-term health conditions, and neurodiverse candidates. If you need any adjustments, including the provision of interview questions, please let the hiring team know.

Our team’s strength comes from everyone’s uniqueness and is founded upon mutual respect. EcoVadis commits to equity, inclusion and reducing bias in our hiring processes. EcoVadis does not accept any form of discrimination based on color, national or ethnic origin, ancestry, citizenship, religion, beliefs, age, sex, gender identity, sexual orientation, neurodiversity, disability, parental status, or any other protected characteristic that makes you unique. In your application, we encourage you to remove personal information such as: photographs, marital status, number of children, religion, gender, residential postal code, university graduation date, past medical or parental leave(s) taken, nationality (instead, please state if you are legally eligible to work in the job region/country), university name (instead, please state any degrees obtained and the study major).