Senior GRC Analyst (m,f,x)

HelloFresh
Berlin, DE

Who this role is best for

Geared toward experienced GRC professionals comfortable with cross-functional implementation of compliance frameworks in a cloud-based SaaS environment.

Best fit for

  • Senior compliance specialists with hands-on NIS2 and PCI DSS implementation experience
    — “Lead end-to-end compliance readiness for NIS2 and support alignment across other key frameworks
  • GRC practitioners adept at translating regulations into operational controls
    — “Translate regulatory requirements into practical controls; drive cross-functional implementation across international teams
  • Security professionals with audit coordination and remediation tracking expertise
    — “Own remediation management: track findings, evidence, owners, deadlines, and report status to stakeholders

Things to consider

  • Requires coordination with international teams across time zones
    — “drive cross-functional implementation across international teams
  • Hybrid work model implies some in-office presence in Berlin
    — “Hybrid working model

How to stand out

  • Demonstrate specific examples of bridging compliance gaps in cloud environments
    — “Prior experience working in a SaaS environment, mainly Cloud and AWS-based
  • Highlight experience mentoring junior team members in GRC processes
    — “Improve GRC maturity through continuous monitoring, clear documentation, and mentoring junior team members
  • Showcase executive-level reporting on compliance landscapes
    — “Develop comprehensive and accurate reports and presentations on the compliance landscape for both technical and executive audiences
Pace · SteadyCollaboration · HighAutonomy · MediumDecision Impact · TeamLevel · Senior

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • Leading end-to-end compliance readiness
  • Executing internal control assessments
  • Translating regulatory requirements into practical controls
  • Improving GRC maturity
  • Developing comprehensive reports
Typical background
3+ years' experience in compliance activitiesExperience supporting data privacy regulationsExperience with developing security awareness programs

Skills & requirements

Required

Compliance ActivitiesInternal Control AssessmentsCompliance AuditsSecurity PoliciesInternal ControlsSecurity Awareness ProgramsData Privacy RegulationsThird-party Risk Management

Preferred

CISACISMCissp

Stack & domain

Nis2Pci DssCsrdIso/socEu Ai ActLangchainVector DatabasesApi IntegrationSQLTableauLeadershipCommunicationProblem-solvingTeamworkCisaCismCisspGrcSecurity Risk ManagementData PrivacyThird-party Vendor Risk Management

About the role

Original posting from HelloFresh

The role

We’re looking for a new teammate who will support the implementation and ongoing maintenance of information security compliance and certification programs, working with cross-functional internal teams and external auditing agencies. The person will also support data protection, data privacy, and third-party vendor risk management functions.

The position will be part of the Governance, Risk & Compliance (GRC) team at HelloFresh that is responsible for creating, maintaining and improving HelloFresh’s security risk management program and remediation activities; information security and data privacy related processes, policies, and guidelines; supporting compliance and certification related activities; and driving security awareness and education.

Above all, we are looking for people who will make HelloFresh better. We believe there are many different ways of developing skills and we love diverse experiences! So even if you don’t “tick all the boxes” but think you’d thrive in this role, we would really like to learn more about you.

What you’ll do

Lead end-to-end compliance readiness for NIS2 and support alignment across other key frameworks (e.g., PCI DSS, CSRD, ISO/SOC and EU AI Act).

Plan and execute internal control assessments and coordinate external compliance audits on a defined cadence.

Translate regulatory requirements into practical controls; drive cross-functional implementation across international teams.

Own remediation management: track findings, evidence, owners, deadlines, and report status to stakeholders.

Improve GRC maturity through continuous monitoring, clear documentation, and mentoring junior team members.

Lead internal assessments and coordinate external compliance audits at planned intervals

Evaluate and validate the design and operational effectiveness of security policies, standards, and internal controls to help reduce compliance risk in the company

Develop comprehensive and accurate reports and presentations on the compliance landscape for both technical and executive audiences

What you’ll bring

3+ years' experience in performing compliance activities in a corporate environment related to IT General Controls (ITGC), SOC 2, ISO 27001, PCI DSS, EU NIS2, and various data privacy directives (GDPR, CCPA/CPRA, etc.)

Ability to interpret compliance regulations and map them to the actual implementation of systems, whilst referencing various security frameworks

Experience supporting data privacy regulations (GDPR, CCPA) and third-party risk management programs

Experience with developing and executing security awareness programs and trainings

Highly organized and detail-oriented, with an ability to work independently

Industry compliance certifications (CISA, CISM, CISSP) are a plus

Prior experience working in a SaaS environment, mainly Cloud and AWS-based

What we offer

Elevate your lifestyle! Join one of Europe's fastest-growing tech powerhouses in a dynamic phase of expansion.

Immerse yourself in a diverse global community of 90+ nationalities.

Enjoy a competitive compensation package that goes beyond the norm, with perks like a HelloFresh- subsidized Pension Scheme, Berlin relocation support, and a Hybrid working model.

Elevate your lifestyle with exclusive discounts on your weekly HelloFresh box and office meals.

Invest in your growth with a German language learning budget, and access to the HelloFresh Academy.

Plus, we've got your well-being covered with mental health support, transportation perks, and working-parent-friendly benefits. From our 24/7 gym access,wellbeing platforms like Headspace and Spill, to sabbatical leave options, HelloFresh is not just a workplace; it's a lifestyle of perks and possibilities!

 

Source: HelloFresh careers

Similar roles