Information Security GRC Specialist


Porto, PT
  • Job Type: Full-Time
  • Function: IT
  • Post Date: 04/28/2021

About DefinedCrowd

Our high-quality training data fuels natural, accurate, and successful AI applications and initiatives.

Job Description

Who is DefinedCrowd? Well, from a technical point of view, we leverage the power of a global crowd to provide some of the world’s biggest companies with the high-quality data they need to power their artificial intelligence. We’re instrumental to the progression and development of artificial intelligence and we couldn’t be prouder or more inspired to be involved in an industry that is changing the world.

From a personal point of view, we’re a group of big thinkers, high achievers and creative problem solvers. We bond over our shared love of software engineering, data science, and strong coffee. We like online gaming, running marathons, and team drinks. We celebrate authenticity and diversity and we’re invested in what we do. Our mission? World domination, obviously!

What will you do?

    Join our awesome Cybersecurity Team as a senior Information Security (InfoSec) GRC specialist and embrace a unique and challenging project; You will report directly to the Head of Cybersecurity;
    Work with the Head of Cybersecurity, Data Protection Officer, Legal Counsel and Senior Management to help further improve and steer the InfoSec Governance, Risk and Compliance practice;
    With your skills and experience you will play a key role in helping the business become more secure and resilient to InfoSec incidents, as well as ensuring compliance with relevant legislation and regulation;
    Work alongside the Head of Cybersecurity, ensuring security-related organization activities and processes are aligned in a way that fully supports the organization’s strategy and business goals;
    Be responsible for leading the development, implementation and oversight of the system-wide risk management function/process of the InfoSec program, ensuring risks are properly identified, treated and monitored; You will implement a risk management framework based on reference standards and industry best practices, as well as supporting policies and processes;
    Be responsible for developing and establishing an organization-wide InfoSec risk aware culture, by developing an internal communication and training strategy to ensure the success of the risk management function;
    Be responsible for leading and conducting regular risk assessment initiatives, quantifying risks and working with relevant stakeholders to define adequate risk responses; Be responsible for maintaining a centralized risk registry and report to senior management/C-suite on the overall business risk posture;
    Be responsible for managing our Information Security Management System (ISMS), developing and implementing comprehensive and effective security policies, standards, guidelines and procedures to help ensure the adequate protection of sensitive data and business critical assets, and the compliance with relevant legislation and regulation;
    Help in the identification and evaluation of relevant international standards, controls and compliance frameworks and legislations/regulations to assess existing information security controls, identify gaps and areas for improvement;
    Be responsible for the maintenance and continuous improvement of our ISO 27001 certification, as well as providing support and responding to related third-party audits;
    Support internal/external audits and evidence collection initiatives, as well as responding to security-related client inquiries and assessments;
    Be a key contributor and supporter of the Business Continuity Management process;
    Participate in the security awareness & training program, train personnel on relevant policies and standards, risk management best practices, internal security controls, and related processes, roles and responsibilities;
    Participate in defining, collecting and tracking various security metrics in order to help assess the overall security controls efficacy, identify new and lingering risks, report to senior management/C-suite on relevant key indicators, and as an important tool to help steer the security continuous improvement efforts.


Who are we looking for?

We’re looking for someone that’s passionate about CyberSecurity/CyberRisk and is highly experienced in implementing and leading Governance, Risk, and Compliance related functions.

This person is all about risk-oriented practices and very knowledgeable in best-of-breed international security and risk management standards, frameworks, industry best practices, as well as legal & regulatory compliance considerations.

You feel thrilled to embrace a unique challenge with a leading AI company, and eager to share your own experiences and knowledge, as well as learn and collaborate with a team of high-minded cybersecurity professionals. Our chosen candidate is determined and a strong critical thinker, a natural leader and communicator, someone that’s passionate and committed to help us achieve our goals.

What it will take for you to apply:

    7+ years of experience working in information security or compliance, with proven hands-on experience in Governance, Risk and/or Compliance functions, either working in a well-known organization or for a Big 4 consulting firm with equivalent job responsibilities;
    Academic education in Computer Engineering or similar fields of study, or in Business Management with a technology background, mainly in reference universities;
    Professional certifications such as: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, are a plus;
    Be knowledgeable and experienced in leading the organization through the adoption of international information security and risk management standards & frameworks such as: ISO 27001/27002, ISO 31000/ISO 27005, ISO 17799, ISO 22301, NIST RMF, NIST 800-53/NIST CSF, CIS Controls, COBIT, SOC 2;
    Be proficient in developing and maintaining comprehensive security policies and standards, and in particular, managing the Information Security Management System (ISMS) in light of the ISO 27001/27002;
    Be experienced in managing an information security risk management process, including conducting risk assessments/quantification, particularly in organizations with a technological background and a highly dynamic environment;
    Be familiar with relevant international legal and regulatory compliance landscapes such as: GDPR, CCPA, LGPD and SOX;
    Have good verbal and written communication skills, being able to interact with key stakeholders and senior management/C-suite whenever required, and keep up to date in a continuously challenging environment;
    Have experience in presenting risk reports to the Information Security Committee and C-Suite, being able to present metrics, risks and threats in a simple and objective manner;
    Have experience participating in the development and maintenance of the Business Continuity Management process, as well as being knowledgeable of related standards, such as ISO 22301;
    Be able to work in an Agile Dynamic environment;
    Have a high level of professionalism, responsibility and personal integrity. Your actions should set the example;
    We expect you to be fluent in English, since you'll be working in an international environment.


Why Join Us?

You spend a lot of your time at work, so it should be challenging, fun and interesting. At DefinedCrowd, it will be all of those things and more. Here’s what we offer:

    A unique culture, healthy working environment, and a flexible working schedule
    Excellent career development opportunities in a high growth company
    Access to an excellent compensation and benefits package
    An international and diverse team, representing more than 30 nationalities at our 4 locations
    Global mobility and relocation support with the help of our specialized team
    Continuous training opportunities leveraging hands-on workshops and formal development opportunities

About Us:

DefinedCrowd offers a platform with multiple data delivery options that leverages machine learning technology and human intelligence to deliver quality-guaranteed training data for AI systems. The platform offers self-service and fully customizable solutions that deliver high-quality project-specific training data, enabling AI products to reach market quicker. It is this business model that has allowed DefinedCrowd to raise a total of $63.6M in funding over 4 rounds. Our value proposition is quality, privacy, speed and scale, covering more than 50 different languages. With strong expertise in speech and natural language processing technologies, we have been serving AI companies and Fortune 500 companies since day one. DefinedCrowd was founded in Seattle and has offices in Lisbon, Porto and Tokyo.

Disclaimer: Local Candidates Only
This company does NOT accept candidates from outside recruiting firms. Agency contacts are not welcome.