GRC Manager

4 hours, 56 minutes ago
Omilia

Omilia

Omilia is a global leader in Conversational AI, offering AI-based self-service solutions for enhanced customer care fulfillment and success.

IT Services
251-1K
Founded 2002
$20M raised

Description

  • Own the full lifecycle of ISO 27001, SOC 2 Type II, C5, PCI-DSS, and Cyber Essentials certifications, including scoping, evidence management, audit coordination, management responses, and remediation tracking.
  • Own GDPR operational compliance, including the DPIA process, LIA and TIA governance, RoPA maintenance, breach response documentation, and cross-border transfer mechanisms in collaboration with the DPO.
  • Maintain active compliance frameworks for DORA, NIS2, HIPAA, CCPA/CPRA, the EU Data Act, and the Cyber Resilience Act, including obligation tracking and client assurance artefacts.
  • Own breach and incident response governance end to end, including process management, regulatory notification decision support, Art. 33/34 documentation, and the notification register.
  • Drive control owner accountability by translating regulatory obligations into business impact, managing evidence deadlines, and escalating issues as needed.
  • Manage the ISMS evidence library and maintain the certification body relationship for ISO 27001 and C5.
  • Coordinate SOC 2 Type II readiness, including TSC scoping, evidence collection, auditor engagement, report distribution, and management response drafting.
  • Coordinate end-to-end client compliance audits, including evidence packs, management responses, and findings remediation.
  • Maintain and administer the GRC automation platform, including uploading evidence and monitoring control status.
  • Coordinate BAA execution and PHI obligation documentation with Legal for healthcare accounts.

Requirements

  • 4 to 8 years of experience in GRC, with most experience in regulated B2B technology or SaaS environments.
  • ISO 27001 Lead Auditor or Lead Implementer certification is mandatory.
  • Demonstrated end-to-end ownership of SOC 2 Type II, including scoping, evidence coordination, auditor management, and management responses.
  • Strong GDPR practitioner knowledge, including DPIAs, RoPA, data subject rights, and cross-border transfer mechanisms such as SCCs and BCRs.
  • Working knowledge of DORA and NIS2 as live compliance obligations.
  • Familiarity with HIPAA BAA coordination and US state privacy law tracking, including CCPA/CPRA, is a strong advantage.
  • Experience using a GRC automation platform at an operational level.
  • Ability to work independently, manage a personal compliance tracker, and close loops without follow-up.
  • Ability to translate regulatory obligations into plain language and drive responses from technical and product stakeholders without formal authority.
  • Degree in Law, Business, Information Systems, or equivalent professional experience.
  • Business fluency in English, written and spoken, is mandatory.
  • Occasional travel to Greece for client audits or certification body engagements may arise.

Benefits

  • Fixed compensation.
  • Long-term employment with vacation days.
  • Professional development support, including courses and training.
  • Opportunity to work on cutting-edge technology products with global impact.
  • Supportive, skilled, and enjoyable team environment.
  • Apple gear.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

International Logistics Specialist

IonQ 51-250 Internet Software & Services

IonQ is seeking an International Logistics Specialist to support global import, export, and trade compliance operations for a high-tech quantum computing company.

4 hours, 41 minutes ago

Compliance Analyst - Freelance AI Trainer

Mindrift.ai: Be the “I” in AI Internet Software & Services

Mindrift is seeking project-based compliance specialists to evaluate and document AI-related compliance tasks for leading tech companies on a non-permanent, part-time basis.

4 hours, 41 minutes ago

Information Security Officer

Super Technologies Pvt Ltd 1-10 aviation & aerospace

Super is hiring an Information Security Officer to own company-wide security governance, policy, compliance, and awareness across its multi-market technology business.

Cybersecurity
4 hours, 41 minutes ago

Compliance Analyst - Freelance AI Trainer

Mindrift.ai: Be the “I” in AI Internet Software & Services

Mindrift is seeking project-based compliance and regulatory specialists to help test, evaluate, and improve AI systems for leading tech companies.

4 hours, 41 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers