GRC Assessor

We are looking for an experienced GRC Assessor to support a post go-live security assessment following the transition of ICT managed services to a new service provider.

This role focuses on evaluating the effectiveness of implemented security controls in a live environment. It is a non-assurance, point-in-time assessment, requiring a strong ability to review operational evidence rather than perform technical testing or design reviews.

The ideal candidate brings hands-on experience in operational security reviews, particularly within managed services or regulated environments, and is comfortable working with documentation, logs, and governance processes.

Codzienne zadania

• Perform post-implementation security assessments to evaluate the effectiveness of operational controls after service transition.
• Review and analyze evidence-based artifacts, including logs, tickets, access records, incident reports, and change records.
• Assess risks related to service transition and inherited controls, including access provisioning/revocation, logging continuity, and knowledge transfer.
• Evaluate governance and operational effectiveness across key security domains.
• Identify gaps, risks, and improvement areas, and provide actionable recommendations.
• Collaborate with stakeholders across security, IT, and service providers to validate findings and ensure alignment.
• Prepare clear and structured assessment reports for management and key stakeholders.

Compliance & Framework Knowledge

• Familiarity with security frameworks and regulations at a governance and control effectiveness level, including:
  • ISO/IEC 27001
  • NIS2 Directive
  • General Data Protection Regulation

Must have

• GRC
• Security
• IAM
• Cloud
• Azure
• Amazon Web Services
• Web Services
• Google cloud platform
• Testing