Overview:
SOFTSWISS is hiring a Security GRC Team Lead to join our Security team. We are seeking an experienced professional to own governance, risk, and compliance processes across a multi-product tech environment. In this role, you will turn policy into practice, drive audit readiness, and embed measurable security awareness across the company.
Purpose of the role:
You will be responsible for building and leading the governance, risk, and compliance framework across the company, ensuring measurable security practices, continuous audit readiness, and reduced exposure in cloud, SaaS, and data environments.
Key responsibilities:
- Define and evolve the control framework; run a repeatable assurance cycle with clear owners and evidence.
- Keep the risk register sharp: clear risks, treatment plans, and milestones.
- Manage policy lifecycle (draft → review → approval → rollout) with actionable guidance for engineers.
- Review security tooling and integrations end-to-end to improve coverage and time-to-evidence.
- Drive periodic access reviews and data protection controls across core systems.
- Orchestrate audit readiness and targeted internal audits; track remediation to closure.
- Improve intake and triage for GRC-related security requests, with clear SLAs and DoD.
Required Experience:
- 5–7+ years in GRC/Security Governance/Assurance with rollout of ISO 27001/NIST-aligned controls.
- Track record delivering security KPIs and closing audit findings in cloud/SaaS environments.
- Experience operationalizing controls in engineering toolchains.
- Strong stakeholder management with Product, Platform, Data, Finance; crisp written communication.
- Data-driven approach to evidence and reporting.
- ISO 27001 implementer/auditor experience.
Nice to have:
- Automation of control testing and evidence collection.
- Background in product-led tech companies.
Learn more about our hiring process here (link) – what to expect, how to prepare, and what makes SOFTSWISS different.