
GRC Specialist (Risk and Compliance) - Fully Remote

30+ days ago 2026/08/14
Remote
Other Business Support Services

Job description

Do you enjoy combining security, risk, and compliance with practical, scalable solutions rather than pure “check-the-box” compliance?


Do you enjoy cross-functional work with Security, Engineering, and IT?


Great, please read on as we have the role for you!


 

We’re partnering with a fast-growing, international Legal Tech / SaaS company that builds a leading legal data intelligence platform used globally. Their Security organization is investing heavily in modern, technology-driven governance, risk & compliance (GRC) and is now looking for an Advanced Risk & Compliance Analyst to join the team in Poland.


This is an opportunity to work in a security-focused environment, within an international team, where you’ll have a real impact on how security controls are designed, tested, and automated across a global SaaS product. You will be a member of the Governance, Risk & Compliance (GRC) team within the Security function. Your work will focus on the company’s global information security management program and control landscape.


This is a fully remote B2B contract opportunity in Poland which will end at the end of 2026. 



Your Tasks Will Include:


  • Control testing & second-line assurance: Perform monthly control testing to validate that key security and IT controls are operating effectively.
  • Conduct process and operational reviews against predefined test procedures.
  • Support second-line audit-type activities, reviewing evidence and identifying gaps.
  • Policy & procedure lifecycle: Coordinate and track annual reviews of policies, standards, and procedures.
  • Work with stakeholders to update and improve documentation so it’s both audit-ready and useful to the business.
  • Risk & compliance program support: Coordinate tracking of the information security management program, including control performance monitoring, risk assessments, and compliance-related activities and exceptions.
  • Maintain accurate control testing files and risk ratings for identified issues.
  • Audit support: Prepare and organize evidence for internal and external audits.
  • Support engagements aligned to frameworks such as ISO/IEC 27001/27018, NIST 800-53, and SOC 2.
  • Work with auditors to explain controls, processes, and remediation actions.
  • Automation & workflow improvement: Help develop and operationalize automated evidence collection processes integrated with control workflows and ticketing systems, reducing manual effort and audit friction.
 

To be a good fit for the GRC Specialist (Risk and Compliance) role, you will have:


  • 2+ years of professional experience in risk management, internal audit (especially IT audit), security/compliance, or GRC roles
  • Experience with ISO/IEC 27001/27018; SOC 2 knowledge is a plus
  • Experience with external and/or internal audit, and with control development and testing
  • Experience within a SaaS environment or another highly regulated environment
  • Experience with GRC tools such as Archer, ServiceNow, LogicGate or similar
  • Ability to clearly articulate risk and control concepts to both technical and non-technical stakeholders
  • Experience with project management tools like JIRA or Asana is desired
  • Nice to have: experience in designing or supporting automated evidence collection workflows for audits, control testing, or continuous compliance programs

What’s in it for you


  • Work on a leading global tech product in the Legal Tech space, where security and compliance are critical.
  • Be part of a growing, international GRC team with a mandate to modernize and improve how security controls are designed, tested, and automated.
  • Gain exposure to multiple security frameworks and certifications (ISO, SOC 2, NIST).
  • The chance to shape and improve processes, not just execute them.
 

Sounds interesting? Send us your CV by applying via this page.



 

The provision of personal data by you is fully voluntary, and the basis for its processing is your consent. We have prepared the necessary information, which you can find in the document "Information regarding the processing of your personal data". There you will find how your Personal Data is being processed and what your rights are in connection with this.


The personal data will be processed by Sowelo Consulting spółka z ograniczoną odpowiedzialnością with its registered seat in Cracow (LLC), registered in the National Court Register (KRS) under no. 0000671136, our Employees and Subcontractors (jointly referred to as the Company).


Sowelo Consulting sp. z o.o. (LLC) is entered in the register of employment agencies under the number: 35288


Our candidate selection process relies entirely on human judgment. We explicitly avoid using automated screening algorithms or AI-driven scoring systems for any part of the assessment. Every single profile is reviewed personally by our experienced recruiters, ensuring a thorough and unbiased consideration of your fit.


IT Recruitment Poland | Executive Search | Recruitment Process Outsourcing



This job post has been translated by AI and may contain minor differences or errors.
