GRC Specialist (Risk and Compliance) - Fully Remote
Do you enjoy combining security, risk, and compliance with practical, scalable solutions rather than pure "check-the-box" compliance? Do you enjoy cross-functional work with Security, Engineering, and IT? Great, please read on, as we have the role for you!

We're partnering with a fast-growing, international Legal Tech / SaaS company that builds a leading legal data intelligence platform used globally. Their Security organization is investing heavily in modern, technology-driven governance, risk & compliance (GRC) and is now looking for an Advanced Risk & Compliance Analyst to join the team in Poland.

This is an opportunity to work in a security-focused environment, within an international team, where you'll have a real impact on how security controls are designed, tested, and automated across a global SaaS product. You will be a member of the Governance, Risk & Compliance (GRC) team within the Security function. Your work will focus on the company's global information security management program and control landscape.

This is a fully remote B2B contract opportunity in Poland which will end at the end of 2026.

Your Tasks Will Include:

Control testing & second-line assurance:
Perform monthly control testing to validate that key security and IT controls are operating effectively.
Conduct process and operational reviews against predefined test procedures.
Support second-line audit-type activities, reviewing evidence and identifying gaps.

Policy & procedure lifecycle:
Coordinate and track annual reviews of policies, standards, and procedures.
Work with stakeholders to update and improve documentation so it's both audit-ready and useful to the business.

Risk & compliance program support:
Coordinate tracking of the information security management program, including control performance monitoring, risk assessments, compliance-related activities and exceptions.
Maintain accurate control testing files and risk ratings for identified issues.

Audit support:
Prepare and organize evidence for internal and external audits.
Support engagements aligned to frameworks such as ISO/IEC 27001/27018, NIST 800-53, and SOC 2.
Work with auditors to explain controls, processes, and remediation actions.

Automation & workflow improvement:
Help develop and operationalize automated evidence collection processes integrated with control workflows and ticketing systems, reducing manual effort and audit friction.

To be a good fit for the GRC Specialist (Risk and Compliance) role, you will have:

2+ years of professional experience in risk management, internal audit (especially IT audit), security/compliance or GRC roles.
Experience with ISO/IEC 27001/27018; SOC 2 knowledge is a plus.
Experience with external and/or internal audit, control development, and control testing.
Experience within a SaaS environment or another highly regulated environment.
Experience with GRC tools such as Archer, ServiceNow, LogicGate or similar.
The ability to clearly articulate risk and control concepts to both technical and non-technical stakeholders.
Experience with project management tools like JIRA or Asana is desired.
Nice to have: experience in designing or supporting automated evidence collection workflows for audits, control testing, or continuous compliance programs.

What's in it for you:

Work on a leading global tech product in the Legal Tech space, where security and compliance are critical.
Be part of a growing, international GRC team with a mandate to modernize and improve how security controls are designed, tested, and automated.
Gain exposure to multiple security frameworks and certifications (ISO, SOC 2, NIST).
The chance to shape and improve processes, not just execute them.