Qualifio1

IT Security Specialist - GRC Lead

Company

Qualifio1

Role

IT Security Specialist - GRC Lead

Job type

Full-time

Found on Mokaru

4 days ago

Salary

Not disclosed by employer

Job description

About Ibexa

Ibexa is a European marketing orchestration platform that empowers organisations to deliver seamless, data-driven customer experiences across the entire digital journey. By unifying content management, customer data, engagement, product information, and interactive data collection capabilities — including solutions such as Qualifio, Raptor, Quable, Actito — Ibexa enables marketing and digital teams to break down silos and orchestrate high-impact, personalised experiences at scale. We are a team of more than 350 professionals across Europe. As Ibexa continues to expand its footprint across Europe and beyond, we are looking for ambitious sales professionals who are eager to help organisations transform their marketing ecosystems and unlock new growth opportunities.

About the Role

We are looking for a GRC Lead to help build, operate, and continuously improve our security governance framework across a growing SaaS organisation. As a key member of the IT Security team, you will own the governance, risk, compliance, and certification dimensions of our security program. You will work closely with Engineering, Infrastructure, Internal IT, HR, Legal, Product, and executive leadership to ensure that security requirements are properly defined, documented, monitored, and evidenced. You will be the primary owner of our ISO 27001 roadmap, risk management framework, security policies, client security questionnaires, and auditor interactions. This role combines strategic thinking, operational execution, stakeholder management, and a pragmatic approach to compliance.

What You Will Do

Governance & Compliance

Own and maintain the company's Information Security Management System (ISMS)

Lead the ISO 27001 certification and continuous improvement roadmap

Define, document, and continuously improve security policies, standards, procedures, and controls

Ensure security governance remains aligned with business objectives and regulatory requirements

Coordinate security-related activities with Legal, HR, DPO, Internal IT, Infrastructure, and Product teams

Risk Management

Own and maintain the corporate security risk register

Facilitate risk identification, assessment, treatment, and follow-up activities

Drive remediation planning and ensure appropriate tracking of security actions

Support management decision-making through risk-based recommendations

Client & External Security Interactions

Lead responses to customer security questionnaires and due diligence requests

Coordinate security-related discussions during sales cycles and customer audits

Act as the primary point of contact for external auditors and certification bodies

Coordinate penetration testing engagements and remediation follow-up

Prepare security documentation and evidence packages for customers and auditors

Security Processes & Reporting

Define and maintain security processes across the organization

Coordinate incident follow-up processes and post-incident action tracking

Produce governance dashboards and security reporting for leadership

Contribute to KPI definition and measurement frameworks

Support quarterly security committees and executive security reviews

Cross-Functional Collaboration

Work closely with the Technical Security Lead on security initiatives

Partner with Infrastructure, Internal IT, and Engineering teams to ensure compliance requirements are effectively implemented

Support security awareness initiatives and company-wide security programs

Contribute to the continuous improvement of Technical and Organizational Measures (TOMs)
