Full-Time Risk & Compliance Manager
Devoteam is hiring a remote Full-Time Risk & Compliance Manager. The career level for this job opening is Manager, and it is accepting remote applicants based in Vilnius, Lithuania. Read the complete job description before applying.
Job Details
Are you ready to elevate your career within one of Europe's leading IT companies? Devoteam is looking for a talented and proactive Risk & Compliance Manager to join our growing team. If you're passionate about securing digital landscapes and driving impactful change, we want to hear from you!
Our New Risk & Compliance Manager
We're looking for a proactive and experienced Risk & Compliance Manager to join our team, reporting directly to the CISO. In this crucial role, you'll be developing, implementing, and maturing our risk and compliance programs, ensuring we meet industry standards and regulatory requirements. You'll lead certification efforts, enhance our risk management framework, and maintain a robust governance structure, all while translating complex technical concepts into clear business insights.
Some of Your Responsibilities:
- Manage end-to-end certification processes for various standards (e.g., ISO 27001, SOC2, Managed Service Provider (MSPs)), from initial scoping to successful audit completion and certification delivery.
- Design, implement, and continuously improve a comprehensive risk management framework, including risk assessment methodologies, treatment plans, and ongoing monitoring.
- Build and maintain a robust governance structure, including the creation and review of policies, control assessments, definition of Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), audit oversight, and regular reporting to stakeholders.
- Act as the primary point of contact for internal and external audits, coordinating responses, tracking findings, and ensuring timely remediation of identified gaps to maintain continuous compliance.
- Effectively utilize and manage Governance, Risk, and Compliance (GRC) tools such as OneTrust, RSA Archer, or ServiceNow to streamline processes and reporting.
- Collaborate closely with executives, the CISO, and cross-functional teams to communicate risk posture, audit findings, and compliance metrics, reinforcing a culture of security and trust.
- Contribute to and potentially lead aspects of third-party risk management, including vendor assessments and customer trust initiatives.
Some of Our Requirements:
- 3+ years of progressive experience in risk management, compliance, or governance roles, preferably within the technology sector or other highly regulated industries.
- Proven track record of successfully managing and delivering complex certification efforts (e.g., ISO 27001, SOC2).
- Strong background in various risk assessment methodologies and practical experience in building and executing effective risk treatment plans.
- Demonstrated experience in managing and optimizing GRC tools.
- Excellent verbal and written English communication skills, with the ability to translate intricate technical risks into clear, actionable business terms for diverse audiences, including senior leadership.
- Strong organizational and project management skills, capable of managing multiple assurance streams, certification programs, and governance rollouts simultaneously.
It would be awesome if you have:
- Professional certifications such as CISM, CRISC, or other relevant security and risk management credentials.
- Familiarity with standards and frameworks: ISO 27001, NIST 800‑53/CSF, SOC2.
What You Can Look Forward To:
- Becoming a part of a very specialized team that will support your ability to succeed
- A challenging and exciting career with an international perspective and opportunities
Salary from 3200 EUR gross (depending on the experience and competencies)