Medior GRC Specialist
Are you the GRC expert who can ensure NIS2 compliance while balancing governance, risk, and operational reality?
Join a human-sized, not-for-profit, tech-driven organization operating at the very core of Europe’s digital infrastructure. Active for more than two decades, this organization plays a critical role in ensuring the security, stability, and resilience of essential European information systems used by millions of users across the EU and beyond.
As an Essential Entity under the NIS2 Directive, the organization operates in a highly regulated, fast-evolving environment where governance, risk management, and compliance are not just obligations — they are strategic pillars.
To further strengthen its compliance and governance maturity, a new GRC position is being created within the Technology & Security landscape.
As a Medior GRC & NIS2 Compliance Specialist, you will play a key operational and coordinating role in ensuring compliance with the NIS2 Directive and related security and governance frameworks.
You will work closely with Security, Technology, Operations, Legal, and Compliance stakeholders to translate regulatory requirements into practical, auditable, and sustainable controls. This is not a purely theoretical role — you will be deeply involved in implementation, follow-up, evidence collection, and continuous improvement.
Role
Governance, Risk & Compliance (GRC)
- Support and maintain the organization’s GRC framework, with a strong focus on NIS2 Essential Entity requirements
- Translate NIS2 obligations into concrete policies, controls, procedures, and action plans
- Maintain compliance mappings between NIS2, ISO 27001, ISO 22301, GDPR, and other relevant frameworks
- Support internal governance bodies with clear reporting on compliance status, risks, and gaps
NIS2 Compliance & Regulatory Readiness
- Act as a key contributor to the NIS2 compliance roadmap
- Monitor regulatory developments and assess their impact on the organization
- Coordinate evidence collection and documentation required for audits, assessments, and inspections
- Support interactions with national and European authorities when required
Risk Management
- Support risk assessments across technical and non-technical domains
- Help consolidate risks at organizational level and track mitigation actions
- Follow up on risk treatment plans in collaboration with technical and business teams
- Contribute to incident-related compliance processes (post-incident reporting, lessons learned)
Policies, Controls & Continuous Improvement
- Draft, review, and maintain security and compliance policies
- Ensure policies are aligned with operational reality and effectively implemented
- Track compliance KPIs and support continuous improvement initiatives
- Contribute to internal audits and compliance reviews
Awareness & Collaboration
- Support security and compliance awareness initiatives across the organization
- Act as a trusted partner for internal teams on compliance and governance questions
- Bridge the gap between regulatory language and operational execution
Profile
GRC & Compliance Expertise
- 3–6 years of experience in GRC, information security compliance, risk management, or audit
- Hands-on experience with NIS2 or strong exposure to similar regulatory frameworks
- Solid knowledge of ISO 27001, ISO 22301, GDPR, and general cybersecurity governance principles
- Experience working in regulated or critical infrastructure environments is a strong advantage
Skills & Mindset
- Strong analytical skills with attention to detail
- Ability to turn complex regulatory requirements into clear, actionable controls
- Comfortable working with both technical and non-technical stakeholders
- Structured, pragmatic, and improvement-oriented mindset
- Strong documentation and reporting skills
Education & Certifications (Nice to Have)
- Degree in IT, Cybersecurity, Information Security, Law, or a related field
- Certifications such as:
  - ISO 27001 Implementer / Auditor
  - CISM, CISA, CRISC
  - NIS2, COBIT, or risk-related certifications
Languages
- Fluent English (working language)
Offer
- Grow into a senior GRC or security governance role
- Collaborate with highly skilled technical and compliance experts
- Meaningful work with real impact on European cybersecurity resilience
- 3 days remote
- Meal vouchers
- Fuel card
- Company car
- Net expenses