Senior GRC Security Engineer

Madrid, Spain

SGS

Company Description

We are SGS – the world's leading testing, inspection and certification company. We are recognized as the global benchmark for sustainability, quality and integrity. Our 99,600 employees operate a network of 2,600 offices and laboratories, working together to enable a better, safer and more interconnected world. 

Job Description

We are seeking a skilled and motivated Senior GRC Security Engineer to join our Technical Security Office (TSO). In this role, you will take the lead in safeguarding our organization by ensuring compliance, managing cyber risks, and implementing robust security solutions.

Specific responsibilities:

  • Security Operations: Design, implement, and monitor security controls to protect the organization’s IT infrastructure.
  • Policies & Governance: Develop, update, and enforce security policies, procedures, and hardening standards to meet regulatory and business needs.
  • Compliance Management: Ensure adherence to cybersecurity frameworks (ISO 27001, GDPR, NIST, PCI-DSS, NIS2) and manage audits and GRC reporting.
  • Risk Mitigation: Assess and address cybersecurity risks, supporting security exception management and mitigation strategies.
  • Audit & Assessment Support: Collaborate on customer security assessments and internal/external audits, including ISO 27001 and ITGC reviews.
  • Cross-Team Collaboration: Work with IT, development, business lines, and HR to integrate security controls and ensure policy compliance.
  • Business Continuity: Develop and document strategies to minimize operational disruptions from cyber incidents, disasters, or system failures.
  • Awareness Campaigns: Lead security training initiatives and drive awareness across the organization.
  • Performance Metrics: Create dashboards, track KPIs, and generate reports to evaluate and improve security performance.
  • Technical Enhancements: Conduct gap analyses, propose system security improvements, and evaluate security technologies.
  • Business Continuity: Develop and document strategies to ensure business continuity during cyber incidents, disasters, or system failures.
  • Internal Management: Prepare documentation, presentations, and lead discussions with management on security results and recommendations.

Qualifications

Essential Qualifications

  • Bachelor’s degree in Information Technology, Computer Information Systems, or a related field.
  • 3–5 years of experience in information security or a similar technical role.
  • Expertise in cybersecurity frameworks (ISO 27001, NIST, GDPR, PCI-DSS).
  • Strong technical understanding of networks, databases, and operating systems security.
  • Proficiency in MS Office tools (Excel, Word, Power BI).
  • Excellent communication skills; fluent in English.

Desirable Qualifications

  • Certifications: CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer.
  • Experience managing compliance audits and risk assessments.
  • Familiarity with business continuity planning and S-SDLC practices.
  • Knowledge of additional languages is a plus.

Key Soft Skills

  • Problem-solving mindset with strong critical thinking abilities.
  • Adaptable and able to manage multiple priorities in a fast-paced environment.
  • Independent and collaborative team player.

Additional Information

Why SGS?

  • Global and very stable company, world leader in the TIC (Testing, Inspection and Certification) industry.
  • Flexible schedule with a hybrid work model, allowing 50% remote work, 2 days per week onsite.
  • SGS university and Campus for continuous learning options.
  • Multinational environment where you will work with colleagues from multiple continents.
  • Benefits platform.

Join Us: At SGS, we are committed to fostering an open, friendly, and supportive culture that thrives on teamwork. We value diversity and provide endless opportunities to learn, grow your expertise, and fulfill your potential. Apply now to be part of our motivated and dynamic team!

Tags: Audits Business Intelligence CISM CISSP Compliance CRISC GDPR Governance ISO 27001 IT infrastructure KPIs NIS2 NIST Risk assessment SDLC Security assessment

Perks/benefits: Career development Flex hours

Region: Europe
Country: Spain
