About the Role
StormGeo is seeking an experienced and knowledgeable Compliance and Risk Specialist to join our CISO team. In this senior role, you will be responsible for ensuring the company’s compliance with relevant global laws, regulations, and frameworks such as GDPR, ISO/IEC 27001, NIST, SOC 2, PCI-DSS, and NIS2. Your expertise will help to shape and maintain the company’s risk management strategy, ensuring that security measures and controls are aligned with necessary requirements.
You will conduct internal audits, assist in certification processes, and validate that our security practices meet regulatory expectations. The role requires a proactive mindset to stay ahead of new regulatory requirements and an ability to quickly familiarize yourself with emerging laws. As a key member of the team, you will work closely with various departments to ensure compliance is woven into every aspect of the organization’s cybersecurity practices. Senior or expert-level experience is preferred, but we are open to mid-level candidates with relevant experience.
Main responsibilities
- Monitor and ensure compliance with applicable security and privacy regulations, keeping an overview of relevant laws and the company’s compliance status.
- Conduct regular internal audits and controls of security processes and technical measures, document findings, and recommend corrective actions when needed.
- Coordinate and prepare for external audits and certifications (e.g. ISO 27001, SOC 2), acting as a liaison with external auditors and regulators.
- Identify and assess security risks within the organization through structured risk assessments, maintaining risk registers and ensuring mitigation plans are followed up.
- Develop and update security policies, procedures, and guidelines in line with evolving regulations, such as new requirements in NIS2, and industry best practices.
- Advise project teams and business units on compliance requirements for new products or markets, ensuring security and privacy by design are implemented.
- Assess security incidents from a compliance perspective, ensuring proper reporting and actions are taken in case of breaches (e.g. GDPR notifications).
- Stay up-to-date on emerging threats, regulatory changes, and industry standards, advising the organization on their impact and compliance implications.
Core requirements
- Documented expertise in reading legal documents related to security and privacy.
- In-depth knowledge of international security and privacy frameworks, including GDPR, ISO/IEC 27001, NIST (e.g. NIST CSF, 800-53), SOC 2, PCI-DSS, NIS2, etc.
- Experience in establishing and maintaining an Information Security Management System (ISMS) and developing associated policies, procedures, and controls.
- Ability to translate laws, regulations, and standards into practical internal policies and security measures.
- Experience in conducting risk analyses and ongoing risk management, including knowledge of frameworks like ISO 27005, NIST 800-30, and risk matrices/registers.
- Familiarity with audit and certification processes (internal and external); experience planning, performing, and following up on audits (e.g. ISO 27001, SOC 2).
- Technical understanding to validate implemented security measures, ensuring compliance with relevant standards (e.g. verifying configurations, access controls, and logging).
- Experience in third-party risk management and supplier management to ensure external partners meet security requirements is an advantage.
- Highly detail-oriented and organized; able to manage complex requirements and extensive documentation without losing oversight.
- Excellent written and verbal communication skills, with the ability to draft clear policies and reports and to communicate with both technical teams and senior management.
- High integrity and ethical standards, essential for monitoring compliance and reporting deviations.
- Strong collaboration skills; capable of working with legal, IT, development, and operations teams to implement necessary actions and foster a shared understanding of requirements.
- Ability to quickly learn and adapt to new regulations, proactively adjusting internal processes to meet evolving standards.
- Fluency in English is required for communication with international colleagues, customers, and regulators.
- Comfortable working across borders and time zones, with an understanding of cultural nuances when collaborating globally.
Preferred Certifications
- Relevant certifications in information security management and risk, such as CISM or CRISC, are highly desirable.
- Certifications related to auditing and compliance, including CISA, ISO 27001 Lead Auditor/Implementer, and privacy certifications like CIPM or CIPP/E, are highly beneficial.
- A broad security certification portfolio, such as CISSP or specialized certifications in regulatory compliance, will be an advantage.
Company offers
- Smart, creative, and innovative environment, where you'll work alongside a talented and supportive team of professionals.
- Hybrid Work Model.
- International development opportunities to support your professional growth.
- Additional benefits vary by location and may include subsidized lunch, gym memberships, commute compensation, and more. Specific details will be shared during the hiring process.
If you're a skilled Compliance and Risk Specialist with a passion for impactful decisions and working with a dynamic team, apply now to join StormGeo!
We value diverse perspectives and welcome candidates from all backgrounds and industries. StormGeo offers a stimulating international environment where we challenge, encourage, and support each other.
Get a glimpse of our culture and what it’s like to be part of our team by watching this short video: StormGeo.
How to Apply: Please apply through the application link provided. Applications and CVs submitted by email will not be considered. We contact suitable candidates on an ongoing basis, so if you are interested we encourage you to submit your application promptly.