GRC Engineer

Описание вакансии

The IT company Andersen invites a GRC Engineer to join our team and contribute to the development of our company.

Andersen is a European pre-IPO software development company uniting over 3,500 top-class professionals: developers, architects, testers, analysts, and other specialists. Operating in the market since 2007, we have developed 1,000+ outstanding projects for the Financial sector, Healthcare, Logistics, Travel and Hospitality, Telecom, Automotive industry, etc.

Responsibilities:

Developing and enforcing security policies, standards, and procedures to ensure compliance with regulatory requirements (e.g., ISO 27001, SOC 2, GDPR, NIST).
Conducting risk assessments and audits, identifying security gaps and recommending mitigation strategies to reduce organizational risk.
Leading compliance initiatives, working with internal teams and external auditors to prepare for certifications and address findings.
Monitoring and reporting on security controls, ensuring adherence to frameworks and providing executive-level updates on risk posture and compliance status.

Must haves:

Experience in GRC, risk management, or audit roles, often with prior experience in IT security or compliance, for 5+ years.
Certifications such as CISSP, CISA, CRISC, or ISO 27001 Lead Auditor, proving expertise in governance and risk frameworks.
Experience in industries like finance, healthcare, or tech, where compliance is critical, and adapts frameworks to sector-specific risks.
Bachelor’s degree in cybersecurity, IT, or a related field, with some pursuing a master’s in risk management or MBA for leadership roles.
Skills in implementing standards (NIST, SOC 2, GDPR, HIPAA) and guiding organizations through audits with regulatory bodies or third-party assessors.
Hands-on experience with GRC tools (e.g., RSA Archer, ServiceNow GRC, MetricStream) to automate compliance workflows and risk tracking.
Continuously upskills through courses (ISC2, ISACA, SANS) to stay current with emerging regulations like AI governance or cloud security laws.
Level of English – from Upper- Intermediate+ and above.

Reasons why this job would be interesting to you:

Experience in teamwork with leaders in FinTech, Healthcare, Retail, Telecom, and others. Andersen cooperates with such businesses as Samsung, Siemens, Johnson & Johnson, BNP Paribas, Ryanair, Mercedes, TUI, Verivox, Allianz, T-Systems, etc..
The opportunity to change the project and/or develop expertise in an interesting business domain.
Job conditions – you can work both fully remotely and from the office or can choose a hybrid variant.
Guarantee of professional, financial, and career growth! The company has introduced systems of mentoring and adaptation for each new employee.
The opportunity to earn up to an additional 1,000 EUR per month, depending on the level of expertise, which will be included in the annual bonus, by participating in the company's activities.
Access to the corporate training portal, where the entire knowledge base of the company is collected and which is constantly updated.
Bright corporate life (parties / pizza days / PlayStation / fruits / coffee / snacks / movies).
Certification compensation (AWS, PMP, etc).
Referral program.
English courses.
Private health insurance and compensation for sports activities.