GRC Specialist

Orca Security delivers the industry-leading Cloud Security Platform that identifies, prioritizes, and remediates security risks and compliance issues across your cloud estate spanning AWS, Azure, Google Cloud and Kubernetes.

At Orca, we believe that in the right environment and with the right team, talent has no boundaries. This team spirit, together with our drive to always aim high (because the cloud is the limit), have quickly earned us unicorn status and turned us into a global cloud security innovation leader. So if you're ready to join an amazing team of people who inspire each other every day, now is the time to find your place in our pod.

On a typical day you'll:

• Conduct vendor assessment processes for all types of risk level vendors in a thorough and professional manner
• Collaborate in security and privacy audits, such as: ISO 27001, SOC 2 and FedRamp including collecting evidence, collaborating with stakeholders and reporting to auditors
• Update policies, including exceptions and suggestions for corrective actions
• Work in cross-groups projects, such as: user management, compliance solutions
• Participate in the overall security-client-facing efforts: answer security questionnaires from customers, review legal contracts and exhibits from a security perspective, update and maintain our internal knowledge base
• Advise and suggest relevant solutions in order to achieve product compliance

• Work in a highly professional team with a friendly community spirit and supportive environment
• Flexible working hours - we care about you (!) and your output
• Inflation-protected wages with regular revision of compensation conditions
• Paid vacation - 20 days per year, 100% sick leave payment
• Ability to work from our comfortable office in Warsaw at Prosta str. 51
• Partially compensated educational costs (for courses, certifications, professional events, etc.)
• Language classes 2 times a week (online)
• 5 sick days per year
• Equipment provision
• Health insurance (after the end of the probationary period)
• Bright and memorable corporate life: corporate parties, special occasion gifts, weekly pizza fridays with board games.

• 2-4 years of professional experience working in a global software vendor/SaaS company as in-house GRC, Information Security, compliance or similar position
• Strong understanding of security and privacy frameworks, such as ISO27001, SOC 2, GDPR, and NIST (an advantage)
• Experience building and implementing cross-organizational processes
• Strong sense of ownership and responsibility
• Project management and organizational skills, alongside ability to handle multiple tasks simultaneously
• Technical orientation and ability to collaborate with various stakeholders
• High level of professionalism, detail-oriented, proactive and motivated
• A 'can do' attitude, creativity and problem-solving approach
• Legal knowledge and understanding - an advantage