
Senior Manager: Governance, Risk and Compliance
Job Description
Department: Security
Employment Type: Full Time
Location: Sofia/Plovdiv
Reporting To: Chief Information Security Officer
Compensation: €60,000 - €65,000 / year
Description
Some of Your Responsibilities & Core Duties will be:
- Lead, manage, and develop the GRC team, including hiring, coaching, performance management, and succession planning. Champion a culture where governance, risk and compliance are seen as business enablers, not blockers.
- Manage our control framework, covering ISO 27001, 22301, 9001, 14001, SOC2 Type 2, PCI DSS & CE+.
- Implement and manage ISO 42001 within the integrated management system, ensuring alignment with organisational objectives.
- Partner with our Cyber Security, IT, Product and Engineering Teams to ensure that information security governance and policies remain effective, aligned with risk appetite, and embedded into day-to-day operations.
- Own and mature the Vendor Risk Management (VRM) framework, including vendor criticality tiers, onboarding, due diligence, and ongoing monitoring.
- Manage and test Business Continuity Plans (BCPs) across critical business services, locations, and supporting technology.
- Own the enterprise risk management framework, methodology, and tools.
- Lead regular Information Security and AI Risk Board meetings, ensuring clear risk ownership, documented decisions, and timely follow-up on agreed actions.
- Use KPIs to monitor GRC process performance, drive continuous improvement, and evidence the value and maturity of the GRC function.
- Support the creation, enhancement, and maintenance of technical and procedural documentation (policies, standards, guidelines, and work instructions).
The Experience and Key Skills you will have:
- At least 5 years’ experience as a GRC Manager, Senior GRC Analyst or Lead Auditor is required.
- Certification in ISO 27001 and/or recognised IT governance and security certification such as CRISC, CISA, CISSP, etc.
- Experience implementing or managing Governance, Risk and Compliance (GRC) systems.
- Hands-on experience as an Internal Security Assessor for PCI DSS and leading or heavily supporting PCI DSS certification or assessments.
- Experience with NIS 2, AI governance / AI compliance, and other emerging regulatory frameworks, or clear capability to rapidly build this expertise.
- Demonstrated ability to assess and design internal controls for information security in enterprise or high-growth SaaS environments, including cloud-native architectures.
- Understanding of fundamental information security concepts and technology, with previous exposure to cloud technologies and cloud security.
- Superb English communication skills with the ability to interact effectively with multi-disciplinary teams.
The Interview Process:
- Online interview with the Senior Talent Partner.
- First stage video interview with the CISO and the Head of Cyber.
- Final stage video interview with the Chief Technology Officer and the CISO.
Be comfortable. Be you.
We hire BETTER.