GRC Specialist; Risk and Compliance - Fully Remote

Do you enjoy combining security, risk, and compliance with practical, scalable solutions rather than pure “check-the-box” compliance?

Do you enjoy cross-functional work with Security, Engineering, and IT?

Great, please read on as we have the role for you!

We’re partnering with a fast-growing, international Legal Tech / SaaS company that builds a leading legal data intelligence platform used globally. Their Security organization is investing heavily in modern, technology-driven governance, risk & compliance (GRC) and is now looking for an Advanced Risk & Compliance Analyst to join the team in Poland.

This is an opportunity to work in a security-focused environment, within an international team, where you’ll have a real impact on how security controls are designed, tested, and automated across a global SaaS product. You will be a member of the Governance, Risk & Compliance (GRC) team within the Security function. Your work will focus on the company’s global information security management program and control landscape.

This is a fully remote B2B contract opportunity in Poland which will end at the end of 2026.

• Control testing & second-line assurance:
  Perform monthly control testing to validate that key security and IT controls are operating effectively.
• Conduct process and operational reviews against predefined test procedures.
• Support second-line audit-type activities, reviewing evidence and identifying gaps.
• Policy & procedure lifecycle:
  Coordinate and track annual reviews of policies, standards, and procedures.
• Work with stakeholders to update and improve documentation so it’s both audit-ready and useful to the business.
• Risk & compliance program support:
  Coordinate tracking of the information security management program, including control performance monitoring, risk assessments, compliance-related activities and exceptions.
• Maintain accurate control testing files and risk ratings for identified issues.
• Audit support:
  Prepare and organize evidence for internal and external audits.
• Support engagements aligned to frameworks such as ISO/IEC 27001/27018, NIST 800-53, and SOC 2.
• Work with auditors to explain controls, processes, and remediation actions.
• Automation & workflow improvement:
  Help develop and operationalize automated evidence collection processes integrated with control workflows and ticketing systems, reducing manual effort and audit friction.

• 2+ years of professional experience in Risk management, Internal audit (especially IT audit), Security/compliance or GRC roles
• Experience with ISO/IEC 27001/ 27018, SOC 2 knowledge is a plus
• Experience with external and/or internal audit, control development, and control development and testing
• Experience with in a SaaS environment or another higher regulated environment
• Experience with GRC tools such as Archer, Service Now, Logic Gate or similar
• Clearly articulate risk and control concepts to both technical and non-technical stakeholders.
• Experience with project management tools like JIRA or Asana is desired
• Nice to have experience in designing or supporting automated evidence collection workflows for audits, control testing, or continuous compliance programs.

• Work on a leading global tech product in the Legal Tech space, where security and compliance are critical.
• Be part of a growing, international GRC team with a mandate to modernize and improve how security controls are designed, tested, and automated.
• Gain exposure to multiple security frameworks and certifications (ISO, SOC 2, NIST).
• The chance to shape and improve processes, not just execute them.