Senior Information Security GRC Specialist (f/m/d)
Iași, Iași, Romania
Purpose of Position
To lead and mature Awin’s global Information Security Governance, Risk, and Compliance (GRC) function by driving effective risk management, ensuring alignment with international frameworks and local regulatory requirements, and embedding a strong security governance culture across the business. This role acts as a senior advisor to the organisation on security risks, supports strategic decision-making through risk insights, and ensures that internal control frameworks are both robust and business-enabling.
Core Responsibilities
- Own and evolve Awin’s global information security risk management frameworks, ensuring alignment with international frameworks and relevant regulations.
- Lead enterprise-level security risk assessments for strategic projects, transformation initiatives, and third-party engagements, providing executive-ready recommendations.
- Manage the Information Security Risk Registers within the Hyperproof GRC platform.
- Act as a senior advisor to the business on security risk posture, facilitating regular risk assessments, defining risk treatment plans, and maintaining the enterprise and tactical risk registers.
- Act as a key point of contact for internal and external stakeholders on security matters.
- Provide strategic oversight of the internal control framework rollout, partnering with senior stakeholders and regional teams to embed governance principles and ensure consistent risk mitigation across business units.
- Lead the security input to enterprise risk discussions, participating in governance forums and presenting key risks and mitigations to senior management and the board.
- Influence and support the integration of security-by-design principles into Product and Technology teams.
- Oversee the development and maintenance of incident response frameworks, including tabletop exercises and post-incident reviews, ensuring lessons learned are institutionalised.
- Stay abreast of evolving regulatory and threat landscapes, translating external developments into actionable internal strategy and control adjustments.
Additional GRC Activities
- Mentor and guide GRC team members, fostering professional development, high performance, and a collaborative culture.
- Set KPIs and lead reporting of security governance and risk metrics to demonstrate programme effectiveness and drive continuous improvement.
- Represent GRC interests in cross-functional initiatives, ensuring security is embedded early and appropriately throughout the business lifecycle.
Professional experience and skills:
- 5+ years of experience in an Information Security or IT Risk/Compliance role within a GRC function.
- 2+ years of experience as a lead or senior GRC professional.
- Proven experience working within an ISMS environment certified to ISO 27001.
- Strong experience conducting and presenting security risk assessments to senior leadership and boards.
- Solid understanding of security frameworks and standards: ISO 27001, NIST CSF, CIS, GDPR.
- Demonstrated success in designing or overseeing internal control frameworks (e.g. ISO 27001, NIST CSF).
- Certifications such as CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor/Implementer.
- Excellent written communication and documentation skills.
- Strong attention to detail with a methodical and analytical mindset.
- Strong stakeholder management skills with the ability to engage and influence at senior levels (up to board/C-level).
- Ability to collaborate across departments and build stakeholder trust.
- Proactive and adaptable; comfortable working in a fast-paced, changing environment.
- Demonstrates a project-oriented mindset with the ability to prioritise and manage competing tasks.
Our Offer
- Flexi-Week and Work-Life Balance: We prioritise your mental health and wellbeing, offering you a flexible four-day Flexi-Week at full pay and with no reduction to your annual holiday allowance. We also offer a variety of different paid special leaves.
- Flexi-Office: We offer an international culture and flexibility through our Flexi-Office and hybrid/remote work possibilities to work across Awin regions.
- Health & Well Being: With our support and access to various initiatives and sports offers, you can devote yourself to your mental and physical well-being.
- Development: We’ve built our extensive training suite Awin Academy to cover a wide range of skills that nurture you professionally and personally, with trainings conveniently packaged together to support your overall development.
- Remote Working Allowance: You will receive a monthly allowance to cover a part of your running costs. In addition, we will support you in setting up your remote workspace appropriately.
- Appreciation: Thank and reward colleagues by sending them a voucher through our peer-to-peer program.
- We are hiring in multiple countries; additional benefits in terms of health, well-being, security and more will be discussed during the initial interview with the talent team.
Established in 2000, Awin is proud of our dynamic, social and inclusive culture.
Like all businesses, we’ve had to adapt and nurture our culture in a virtual environment. Our virtual ‘Life @ Awin’ hub brings our colleagues from across the globe together for various social activities.
Diversity & Inclusion are paramount to us, and we proudly pursue and hire diverse team members. We champion uniqueness and authenticity; this is who we are at our core. Our network of affiliate partnerships is diverse and transparent, as are the employees powering our vision to build the world’s leading open partner ecosystem. We welcome all backgrounds, identities, and experiences. If you need support at any point in the application or interview process, please let us know.
Apply now to begin the next stage of your career at a progressive company that supports both your professional and personal development.
Tags: C CISA CISM CISSP Compliance CRISC GDPR Governance Incident response ISMS ISO 27001 KPIs NIST Risk assessment Risk management Strategy
Perks/benefits: Career development Flex hours Health care Startup environment Wellness