IT Security Specialist - GRC Lead

About Ibexa

Ibexa is a European marketing orchestration platform that empowers organisations to deliver seamless, data-driven customer experiences across the entire digital journey. By unifying content management, customer data, engagement, product information, and interactive data collection capabilities — including solutions such as Qualifio , Raptor, Quable, Actito — Ibexa enables marketing and digital teams to break down silos and orchestrate high-impact, personalised experiences at scale. We are a team of more than 350 professionals across Europe. As Ibexa continues to expand its footprint across Europe and beyond, we are looking for ambitious sales professionals who are eager to help organisations transform their marketing ecosystems and unlock new growth opportunities.

About the Role

We are looking for a GRC Lead to help build, operate, and continuously improve our security governance framework across a growing SaaS organisation. As a key member of the IT Security team, you will own the governance, risk, compliance, and certification dimensions of our security program. You will work closely with Engineering, Infrastructure, Internal IT, HR, Legal, Product, and executive leadership to ensure that security requirements are properly defined, documented, monitored, and evidenced. You will be the primary owner of our ISO 27001 roadmap, risk management framework, security policies, client security questionnaires, and auditor interactions. This role combines strategic thinking, operational execution, stakeholder management, and a pragmatic approach to compliance.

What You Will Do

Governance & Compliance

Own and maintain the company's Information Security Management System (ISMS)

Lead the ISO 27001 certification and continuous improvement roadmap

Define, document, and continuously improve security policies, standards, procedures, and controls

Ensure security governance remains aligned with business objectives and regulatory requirements

Coordinate security-related activities with Legal, HR, DPO, Internal IT, Infrastructure, and Product teams

Risk Management

Own and maintain the corporate security risk register

Facilitate risk identification, assessment, treatment, and follow-up activities

Drive remediation planning and ensure appropriate tracking of security actions

Support management decision-making through risk-based recommendations

Client & External Security Interactions

Lead responses to customer security questionnaires and due diligence requests

Coordinate security-related discussions during sales cycles and customer audits

Act as the primary point of contact for external auditors and certification bodies

Coordinate penetration testing engagements and remediation follow-up

Prepare security documentation and evidence