Securing a Global Ecosystem with AI & Technical Grit
Are you tired of "check-the-box" compliance? We are looking for a GRC Specialist who understands that real security happens at the intersection of technical architecture and global regulation.
As a key defender of our data integrity for 49 million global customers, you won’t just be managing spreadsheets. You will be the primary gatekeeper for our third-party ecosystem and the architect of a security-first culture. In this role, we embrace an AI-first approach, leveraging automation and AI-driven insights to streamline risk analysis, answer complex data queries, and move at the speed of modern e-commerce.
The Impact You Will Make
- Own Third-Party Trust (TPRM): Independently lead 5–10 vendor security assessments per month. You’ll dive deep into SIG questionnaires and technical evidence—evaluating EDR deployment, Firewall logic, and Encryption (at rest/transit)—to ensure our partners meet our rigorous standards.
- Architect Compliance: Lead the charge for PCI-DSS and NIS2 audit readiness. You’ll translate complex EU/UK/US regulatory requirements into actionable engineering tasks.
- Modernize Policy: Research and draft updates for our Information Security Policy library, ensuring we are always aligned with ISO 27001 and NIST standards.
- Master the Tools: Act as the power user and administrator for OneTrust, optimizing workflows to make compliance a seamless part of the business.
- Influence Culture: Beyond basic training, you will create engaging, high-impact security awareness content and phishing simulations via the Saba platform.
Groupon is a marketplace where customers discover new experiences and services everyday and local businesses thrive. To date we have worked with over a million merchant partners worldwide, connecting over 16 million customers with deals across various categories. In a world often dominated by e-commerce giants, we stand out as one of the few platforms uniquely committed to helping local businesses succeed on a performance basis.
Groupon is on a radical journey to transform our business with relentless pursuit of results. Even with thousands of employees spread across multiple continents, we still maintain a culture that inspires innovation, rewards risk-taking and celebrates success. The impact here can be immediate due to our scale and the speed of our transformation. We're a "best of both worlds" kind of company. We're big enough to have the resources and scale, but small enough that a single person has a surprising amount of autonomy and can make a meaningful impact.
Why Join Us?
We value Ownership and Accountability. In our team, you manage your day and your projects with minimal supervision. We offer a flexible, global environment where the security team works across time zones (GMT-6 to GMT+5) and values innovation over bureaucracy.
Groupon is an AI-First Company We’re committed to building smarter, faster, and more innovative ways of working—and AI plays a key role in how we get there. We encourage candidates to leverage AI tools during the hiring process where it adds value, and we’re always keen to hear how technology improves the way you work. If you’re passionate about AI or curious to explore how it can elevate your role—you’ll be right at home here.
What You Bring to the Team
- Experience: 1–3+ years in IT Risk, Audit, or GRC (preferably within Fintech, E-commerce, or highly regulated industries).
- Technical Literacy: You can speak the language of engineers. You understand cloud security (AWS/GCP), network controls, and vulnerability management.
- Regulatory Fluency: Deep, hands-on knowledge of GDPR, PCI-DSS, and NIS2.
- Analytical Skepticism: You look past "Yes/No" answers to find the actual underlying risk.
- The AI Mindset: You are eager to utilize AI tools to automate documentation, research complex regulatory changes, and improve GRC efficiency.
- Communication: Fluent English (C1+) with the ability to explain technical hurdles to non-technical stakeholders (Legal, HR, Procurement).
