JobMesh

Medior GRC Officer

SCOR · NL

Job description

This role ensures continuous compliance with applicable security and privacy frameworks (ISO 27001:2022, ISO 27018, SOC 2) and evolving regulatory obligations (EU AI Act, NIS2, DORA) while acting as the primary liaison with auditors, Legal, Business Development, Cloud, and data protection stakeholders. The role owns control frameworks, policy governance, risk management, and compliance initiatives.

Areas of responsibility

1. Security, Privacy & Compliance Frameworks
2. Risk Management, TPRM & Awareness
3. Regulatory Compliance
4. Data Protection & Privacy

Security, Privacy & Compliance Frameworks

- Own and maintain governance, documentation, and control frameworks across ISO 27001:2022, ISO 27018, SOC 2, and other applicable standards, ensuring continuous audit readiness.
- Manage core control artefacts, including the Statement of Applicability (SoA), risk assessments, mitigation plans, control ownership mapping, audit plans, and control effectiveness reviews.
- Automate and streamline evidence collection processes across control areas, and maintain evidence repositories and tooling (e.g., Vanta/OneTrust) to support internal and external audits.
- Plan, coordinate, and document internal audits and support external certification/attestation audits, inc...