Governance Risk & Compliance Analyst

About XTEL

At XTEL, we excel in understanding large FMCG players. As a leading software provider of sales automation solutions for the Consumer Goods Industry worldwide, our mission is to partner with our customers to unlock growth through smart investment and optimize their promotional plans.

Position Overview

XTEL is looking for a GRC Analyst who is driven, curious, and eager to grow. You’ll work directly with the Director of Information Assurance to help build and scale a forward-thinking and efficient security & compliance program. This isn’t a check the box compliance role, we’re looking for someone who wants to reimagine how GRC is done and isn’t afraid to roll up their sleeves to make it happen.

This is an ideal opportunity for someone earlier in their GRC career who is looking to learn, contribute meaningfully, and be part of a high impact team.

Key Responsibilities

• Support the ongoing operation and improvement of XTEL’s ISMS.
• Draft, review, and maintain security & compliance policies, standards, and procedures, ensuring they meet evolving compliance requirements and business needs.
• Assist with risk assessments and treatment plans.
• Contribute to our Third Party Risk Management (TPRM) efforts for evaluating vendors beyond just sending out lengthy questionnaires.
• Assist with client security questionnaires, RFPs, and due diligence requests.
• Help monitor compliance obligations across frameworks including ISO 27001, SOC 2, SOC 1/ISAE 3402, GDPR, and NIS2.
• Support ESG initiatives by collecting, analyzing, and reporting on sustainability metrics, including greenhouse gas emissions and energy usage, to meet investor and stakeholder requirements.
• Assist in responding to customer RFPs and inquiries related to ESG, ensuring alignment with sustainability goals and regulatory frameworks.
• Collaborate with stakeholders across IT, Product, Engineering, HR, etc. to implement security controls.
• Continuously look for ways to automate, streamline, and modernize how we manage compliance and security operations.
• Contribute to incident response and BCP/DRP planning and testing.

Qualifications

• You’re motivated, adaptable, and eager to learn.
• You have 2-5 years of experience in security, compliance, or risk management roles, particularly in cloud based SaaS environments.
• You have hands on experience with ISO 27001 and SOC 2.
• You think of GRC as more than just documentation and spreadsheets – you see it as a system to be optimized and improved with technology.
• You’ve supported or helped manage ISMS operations and understand what makes policies and procedures useful.
• You participated in or supported risk assessments.
• You’re organized, self-directed, and thrive in environments where you can take ownership.

Nice to have:

• Experience using GRC platforms such as Drata, Vanta, Secureframe, etc.
• Experience within Microsoft 365 and Azure environments.
• Experience with automation, low-code tools, or scripting to improve workflows and documentation processes.

What We Offer

• A challenging role in a fast-growing AI-driven revenue management company.
• A diverse and international team with strong ownership and a can-do mentality.
• Opportunities to contribute to the organization's growth and development.
• A cross-functional role spanning geographies and departments.
• Flexible working with hybrid and remote options (HQ in Bologna).

Equal Opportunity Statement

If you have strengths to share, we’d love to hear from you. We value diverse backgrounds and experiences, so don’t hesitate to apply even if you don’t meet all criteria.

XTEL is an equal opportunity employer and values diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment.