
Information Security GRC Specialist (f/m/d)
Purpose of Position
To support the operation and continual improvement of Awin’s Information Security Management System (ISMS), aligned to ISO 27001 and related standards. This role ensures effective governance, risk management, compliance monitoring, and education initiatives to protect Awin’s information assets and meet regulatory and contractual obligations.
Core Responsibilities
- Ensure compliance with relevant local and EU information security regulations and international frameworks such as ISO 27001, PCI DSS, CIS, and NIST CSF.
- Drive the development, implementation, and continuous improvement of information security policies, standards, and procedures, ensuring they are business-enabling and scalable.
- Support the rollout of Awin’s internal control framework across the globe, partnering with local teams to collate and verify control evidence.
- Conduct internal audits and control testing against ISO 27001 and support preparations for external audits and certification renewals.
- Monitor local regulatory developments and ensure internal controls remain compliant.
- Support and enhance the security risk management process, including risk assessments and maintenance of risk registers.
- Assist in the creation and regular review of incident response playbooks.
Additional GRC Activities
- Support the review of vendor contracts, RFPs, and data processing agreements to ensure compliance with Awin’s risk appetite.
- Lead or support security awareness and training, including phishing simulations and workshops.
- Contribute to tracking and reporting cybersecurity KPIs/metrics.
- Participate in incident response coordination and post-mortem reviews.
- Assist with BAU GRC processes such as vendor due diligence and risk reviews.
- Mentor junior team members and promote a culture of collaboration, knowledge sharing, and continuous improvement across the team.
Professional experience and skills:
- 2+ years of experience in an Information Security or IT Risk/Compliance role within a GRC function.
- Proven experience working within an ISMS environment certified to ISO/IEC 27001.
- Familiarity with security standards, regulatory requirements, and common control frameworks.
- Certifications such as CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor/Implementer.
- Excellent written communication and documentation skills (very good written and spoken English required).
- Strong attention to detail with a methodical and analytical mindset.
- Ability to collaborate across departments and build stakeholder trust.
- Proactive and adaptable; comfortable working in a fast-paced, changing environment.
- Demonstrates a project-oriented mindset with the ability to prioritise and manage competing tasks.
Our Offer
- Flexi-Week and Work-Life Balance: We prioritise your mental health and wellbeing, offering you a flexible four-day Flexi-Week at full pay and with no reduction to your annual holiday allowance. We also offer a variety of different paid special leaves.
- Flexi-Office: We offer an international culture and flexibility through our Flexi-Office and hybrid/remote work possibilities to work across Awin regions.
- Health & Well Being: With our support and access to various initiatives and sports offers, you can devote yourself to your mental and physical well-being.
- Development: We’ve built our extensive training suite Awin Academy to cover a wide range of skills that nurture you professionally and personally, with trainings conveniently packaged together to support your overall development.
- Remote Working Allowance: You will receive a monthly allowance to cover a part of your running costs. In addition, we will support you in setting up your remote workspace appropriately.
- Appreciation: Thank and reward colleagues by sending them a voucher through our peer-to-peer program.
- We are hiring in multiple countries; additional benefits in terms of health, well-being, security and more will be discussed further at the first interview with the talent team.
Established in 2000, Awin is proud of our dynamic, social and inclusive culture.
Like all businesses, we’ve had to adapt and nurture our culture in a virtual environment. Our virtual ‘Life @ Awin’ hub brings our colleagues from across the globe together for various social activities.
Diversity & Inclusion are paramount to us, and we proudly pursue and hire diverse team members. We champion uniqueness and authenticity; this is who we are at our core. Our network of affiliate partnerships is diverse and transparent, as are the employees powering our vision to build the world’s leading open partner ecosystem. We welcome all backgrounds, identities, and experiences. If you need support at any point in the application or interview process, please let us know.
Apply now to begin the next stage of your career at a progressive company that supports both your professional and personal development.