GRC Consultant - SaaS

We are seeking a detail‑oriented and proactive SaaS GRC Specialist to strengthen our Governance, Risk, and Compliance framework as we scale our SaaS operations. In this role, you will ensure that our business processes, security controls, and regulatory obligations are consistently met. You will work across multiple teams—security, legal, product, and operations—helping us maintain trust with customers and regulators while supporting business growth.

Key Responsibilities

  • Own and manage governance, risk, and compliance initiatives for our SaaS platforms.
  • Monitor, review, and improve internal policies, procedures, and controls in line with ISO 27001, SOC 2, GDPR, and other applicable standards and regulations.
  • Conduct risk assessments and recommend mitigation strategies for SaaS operations and customer data protection.
  • Collaborate with product, engineering, and IT teams to embed compliance into day‑to‑day operations.
  • Prepare and support external audits, certifications, and customer due diligence requests.
  • Deliver GRC training and awareness sessions to employees across the business.
  • Track regulatory changes and advise leadership on potential business impacts.

Requirements

  • Bachelor’s degree in Information Security, Business, Compliance, or related field.
  • 2+ years of experience in GRC, risk management, or compliance (preferably within SaaS or technology companies).
  • Strong knowledge of the security and privacy standards and regulations that apply to SaaS providers (ISO 27001, SOC 2, GDPR, NIS2, or similar).
  • Ability to interpret regulations and translate them into practical, business‑friendly processes.
  • Excellent written and verbal communication skills in English or German (both preferred).
  • Strong organizational skills with the ability to manage multiple priorities.

Nice‑to‑Have

  • Professional certifications (CISM, CRISC, ISO 27001 Lead Implementer, or similar).
  • Experience working with cloud and SaaS platforms (AWS, Azure, Salesforce, HubSpot, etc.).
  • Familiarity with vendor risk management and third‑party security assessments.
  • Exposure to data privacy laws beyond GDPR (CCPA, UK GDPR, HIPAA).

Role Type

  • Permanent or Contract
  • London‑based (Hybrid) or remote

Lex Dinamica is proud to be an equal opportunity employer, which means we are committed to creating and celebrating diverse thoughts, cultures, and backgrounds throughout our organization. Employment at or through Lex Dinamica is based on substantive ability, objective qualifications, and work ethic – not an individual’s background, religion, sex or gender, gender identity or expression, sexual orientation, national origin or ancestry, alienage or citizenship status, physical or mental disability, pregnancy, age, genetic information, veteran status, marital status, status as a victim of domestic violence or sex offenses, reproductive health decision, or any other characteristics protected by applicable law.

Location:
England, United Kingdom
Salary:
£80,000 - £100,000
Job Type:
Full-time
Category:
Consulting