Security Specialist – GRC

JOB LEVEL: 

Mid/Senior

EMPLOYMENT TYPE:

Full Time, Hybrid, Standard working time

ABOUT US:

We are part of a group of technology companies with over 25 years of history and a proven track record of creating high-tech platforms for managing online payments, massive networks of users, data and internet traffic. It is a leader in providing services in the fields of software development, technical compliance and managed IT services for regulated institutions, auditing, and certification according to the PCI DSS, ISO 27001 and ISO/IEC 20000-1 standards.

It also offers cloud and hosting solutions for corporate customers as well as managed DevOps services for customers in Europe and North America. The company has over 200 experts and office locations in Sofia – Bulgaria, Kiel – Germany, London – United Kingdom, Barcelona – Spain, Vilnius – Lithuania, Warsaw – Poland, Bratislava – Slovakia and Tirana – Albania.

 

ABOUT POSITION:

We are looking for a Security Specialist – GRC (Governance, Risk, Compliance Specialist) to support and manage IT governance, risk, and compliance activities across the organization. The role involves collaborating with internal teams and auditors, overseeing compliance programs such as PCI DSS, ISO 27001, ISO 20000-1, and SOC 2, and ensuring adherence to regulatory requirements and industry standards. You will help drive improvements in the company’s IT compliance framework and contribute to effective risk management across all projects.

KEY RESPONSIBILITIES:

  • Manage risk and vulnerability assessments, validation testing, compliance reviews and audits in accordance with NIST standards
  • Manage and support PCI DSS, ISO 20000-1, SOC 2 and ISO 27001 audits
  • Promote widespread implementation of ISO 27001 and ISO 20000-1 standards
  • Maintain and monitor a central repository for audit evidence
  • Inform the proper stakeholders of important concerns and risks
  • Collaborate with stakeholders to align Corporate IT, Procurement, and Privacy departments with GRC objectives
  • Maintain up-to-date knowledge of procedures and methodologies to broaden team expertise and industry knowledge
  • Manage and review security standards, policies and practices annually to ensure alignment with corporate requirements
  • Support business units with inquiries related to ongoing operational compliance
  • Proactively identify areas for improvement and provide value-added recommendations for process and control enhancements
  • Communicate effectively with management to highlight risks, avoid surprises, and ensure timely delivery

 

JOB REQUIREMENTS:

  • 3+ years of direct experience in information security, with a primary focus on risk and compliance
  • Experience conducting ISO 27001, ISO 20000-1, PCI DSS and SOC 2 audits and managing audit responses will be considered an advantage
  • Strong understanding of regulatory and compliance frameworks, including ISO 27001, SOC 2, ISO 20000-1, PCI DSS, NIST, FedRAMP, CMMC and GDPR
  • Knowledge of identity management standards, cloud storage and disaster recovery practices
  • Experience working with GRC tools (e.g., OneTrust or similar)
  • Proven track record of managing multiple risk and compliance projects simultaneously
  • Experience coordinating third-party audits, collecting evidence and organizing audit responses
  • Strong attention to detail
  • Excellent written and verbal communication skills with the ability to collaborate across cross-functional teams
  • Strong analytical and problem-solving skills aligned with achieving corporate objectives

 

WHAT WE OFFER:

  • Competitive salary package – because your talent deserves it
  • Extended health & dental insurance – we’ve got your back (and teeth)
  • Corporate gym membership rates – stay strong, grow fast
  • Supportive & collaborative culture – zero egos, just great teamwork
  • Flexible working hours – results matter, not time spent at a desk
  • Hybrid work model – work from home or join us at the office
  • Office perks – unlimited coffee, snacks, and a stocked fridge
  • Regular team events – from team building to epic parties

 

If you have the required skills and experience, and you are passionate about database management and fintech systems, we would love to hear from you!


WHO WE ARE?

As your trusted ally our aim is to support you and help you grow.

For us at ZettaOnline, it is important to know that you can rely on us to grow with you. We will be there for you, helping you expand your business and achieve your goals, and providing you with a team who will tailor any solution to fit your ideas. We can adapt, educate and grow our team depending on your needs.

Providing you with first-class services and being your first line of defense, we know how important it is to maintain a secure place for you. On the other hand, employee education and support are crucial for your success. We believe it's critical to be open and honest with all parties involved in our projects. We give you the ability to view the big picture and to make the best decisions for your company.

That's why we offer you 24/7 support, transparency and a well-established policy and practice of openness in our culture. We want to make IT fun and easy, something that many others fail to do. We also put the needs of others first. We don’t simply provide support targeted to your needs. We also approach technology from a human-centred perspective, ensuring that our clients get the most out of their technological investments.

Team

We help clients transform through consulting, industry solutions, business process services, IT modernization and managed services. Zetta online enables clients, as well as society, to move confidently into the digital future. We are driven by technical innovations and creative approaches to problems. We aren’t just working within the digital age; we are the new era.

Our team is continuously growing. With a people-oriented DNA, a relaxed work environment, team-building events and room for your own ideas, we try to create the ideal foundation for productive work. Our flextime model enables every colleague to plan their day effectively and also gives consideration to individual circumstances. For us, work is not only about technological innovation. It is about connecting people, about building trust with our customers and, of course, developing our people.