JobMesh

GRC Specialist

Be Group · Bucharest, București, RO

Job description

What we are looking for

We are seeking a highly autonomous and analytically strong Security Governance, Risk & Compliance Specialist with proven experience in conducting comprehensive Risk Analysis using both ISO methodologies (ISO/IEC 27005, ISO 31000, ISO/IEC 27001 Annex A) and European risk assessment frameworks such as the ITSRM methodology. The ideal candidate will be able to independently evaluate complex risk scenarios, propose structured mitigation strategies, and support strengthening our clients' security posture across IT, cloud, and medical environments, ensuring alignment with industry best practices, international standards, and EU regulatory frameworks.

Responsibilities:

- Independently execute end-to-end Risk Analysis activities, applying ISO/IEC 27005, ISO 31000, ISO 27001 Annex A methodologies and European approaches (e.g., ITSRM), ensuring traceable, repeatable and evidence-based assessments
- Identify and classify assets, threats, vulnerabilities and impacts
- Define actionable Risk Treatment and Mitigation Plans
- Maintain structured risk registers, reporting dashboards, statements of applicability (SOA) considerations and documentation supporting governance...