IT Security Specialist - GRC Lead

GRC Lead

Ibexa is a European marketing orchestration platform that empowers organisations to deliver seamless, data-driven customer experiences across the entire digital journey. By unifying content management, customer data, engagement, product information, and interactive data collection capabilities — including solutions such as Qualifio, Raptor, Quable, Actito — Ibexa enables marketing and digital teams to break down silos and orchestrate high-impact, personalised experiences at scale. We are a team of more than 350 professionals across Europe. As Ibexa continues to expand its footprint across Europe and beyond, we are looking for ambitious sales professionals who are eager to help organisations transform their marketing ecosystems and unlock new growth opportunities.

About the Role

We are looking for a GRC Lead to help build, operate, and continuously improve our security governance framework across a growing SaaS organisation. As a key member of the IT Security team, you will own the governance, risk, compliance, and certification dimensions of our security program. You will work closely with Engineering, Infrastructure, Internal IT, HR, Legal, Product, and executive leadership to ensure that security requirements are properly defined, documented, monitored, and evidenced. You will be the primary owner of our ISO 27001 roadmap, risk management framework, security policies, client security questionnaires, and auditor interactions. This role combines strategic thinking, operational execution, stakeholder management, and a pragmatic approach to compliance.

What You Will Do

Governance & Compliance

• Own and maintain the company's Information Security Management System (ISMS)
• Lead the ISO 27001 certification and continuous improvement roadmap
• Define, document, and continuously improve security policies, standards, procedures, and controls
• Ensure security governance remains aligned with business objectives and regulatory requirements
• Coordinate security-related activities with Legal, HR, DPO, Internal IT, Infrastructure, and Product teams

Risk Management

• Own and maintain the corporate security risk register
• Facilitate risk identification, assessment, treatment, and follow-up activities
• Drive remediation planning and ensure appropriate tracking of security actions
• Support management decision-making through risk-based recommendations

Client & External Security Interactions

• Lead responses to customer security questionnaires and due diligence requests
• Coordinate security-related discussions during sales cycles and customer audits
• Act as the primary point of contact for external auditors and certification bodies
• Coordinate penetration testing engagements and remediation follow-up
• Prepare security documentation and evidence packages for customers and auditors

Security Processes & Reporting

• Define and maintain security processes across the organization
• Coordinate incident follow-up processes and post-incident action tracking
• Produce governance dashboards and security reporting for leadership
• Contribute to KPI definition and measurement frameworks
• Support quarterly security committees and executive security reviews

Cross-Functional Collaboration

• Work closely with the Technical Security Lead on security initiatives
• Partner with Infrastructure, Internal IT, and Engineering teams to ensure compliance requirements are effectively implemented
• Support security awareness initiatives and company-wide security programs
• Contribute to the continuous improvement of Technical and Organizational Measures (TOMs)

Job Requirements

What We Are Looking For

• 5+ years in GRC, Information Security, Internal Audit, or a related field
• Hands-on experience with ISO 27001, security audits, compliance assessments, and risk management
• Experience handling customer security reviews and questionnaires
• Background in SaaS, cloud, software, or technology environments

• Strong understanding of information security governance and risk management
• Familiarity with security frameworks such as ISO 27001, SOC 2, and NIST
• Knowledge of cloud environments, software development, and data privacy principles

Skills

• Excellent written communication and documentation skills
• Fluent in English and French
• Strong stakeholder management and collaboration abilities
• Ability to translate security requirements into practical business processes
• Detail-oriented, structured, and effective with both technical and non-technical audiences
• Able to challenge constructively while fostering collaboration

What Success Looks Like

Within your first year, you will

• Maintain and continuously improve our ISO 27001 compliance posture and extend scope to entities not covered yet
• Improve the quality and efficiency of customer security interactions
• Increase visibility of security KPIs and governance reporting
• Strengthen security processes and evidence management across the organization
• Become a trusted advisor to leadership and operational teams on governance, risk, and compliance matters

Why Join Us

You will play a central role in shaping the security maturity of a growing software organization. Working directly with the Head of IT and C-level executive and alongside technical security specialists, you will have the opportunity to influence how security is embedded into our products, operations, and culture while helping the company scale in a secure and compliant way.