Job Description
Description
About Ibexa
Ibexa is a European marketing orchestration platform that empowers organisations to deliver seamless, data-driven customer experiences across the entire digital journey. By unifying content management, customer data, engagement, product information, and interactive data collection capabilities — including solutions such as Qualifio, Raptor, Quable, Actito — Ibexa enables marketing and digital teams to break down silos and orchestrate high-impact, personalised experiences at scale. We are a team of more than 350 professionals across Europe. As Ibexa continues to expand its footprint across Europe and beyond, we are looking for ambitious sales professionals who are eager to help organisations transform their marketing ecosystems and unlock new growth opportunities.
About the Role
We are looking for a GRC Lead to help build, operate, and continuously improve our security governance framework across a growing SaaS organisation.
As a key member of the IT Security team, you will own the governance, risk, compliance, and certification dimensions of our security program. You will work closely with Engineering, Infrastructure, Internal IT, HR, Legal, Product, and executive leadership to ensure that security requirements are properly defined, documented, monitored, and evidenced.
You will be the primary owner of our ISO 27001 roadmap, risk management framework, security policies, client security questionnaires, and auditor interactions.
This role combines strategic thinking, operational execution, stakeholder management, and a pragmatic approach to compliance.
What You Will Do
Governance & Compliance
Own and maintain the company’s Information Security Management System (ISMS)
Lead the ISO 27001 certification and continuous improvement roadmap
Define, document, and continuously improve security policies, standards, procedures, and controls
Ensure security governance remains aligned with business objectives and regulatory requirements
Coordinate security-related activities with Legal, HR, DPO, Internal IT, Infrastructure, and Product teams
Risk Management
Own and maintain the corporate security risk register
Facilitate risk identification, assessment, treatment, and follow-up activities
Drive remediation planning and ensure appropriate tracking of security actions
Support management decision-making through risk-based recommendations
Client & External Security Interactions
Lead responses to customer security questionnaires and due diligence requests
Coordinate security-related discussions during sales cycles and customer audits
Act as the primary point of contact for external auditors and certification bodies
Coordinate penetration testing engagements and remediation follow-up
Prepare security documentation and evidence packages for customers and auditors
Security Processes & Reporting
Define and maintain security processes across the organization
Coordinate incident follow-up processes and post-incident action tracking
Produce governance dashboards and security reporting for leadership
Contribute to KPI definition and measurement frameworks
Support quarterly security committees and executive security reviews
Cross-Functional Collaboration
Work closely with the Technical Security Lead on security initiatives
Partner with Infrastructure, Internal IT, and Engineering teams to ensure compliance requirements are effectively implemented
Support security awareness initiatives and company-wide security programs
Contribute to the continuous improvement of Technical and Organizational Measures (TOMs)
Requirements
What we are looking for
5+ years in GRC, Information Security, Internal Audit, or a related field
Hands-on experience with ISO 27001, security audits, compliance assessments, and risk management
Experience handling customer security reviews and questionnaires
Background in SaaS, cloud, software, or technology environments
Strong understanding of information security governance and risk management
Familiarity with security frameworks such as ISO 27001, SOC 2, and NIST
Knowledge of cloud environments, software development, and data privacy principles
Skills
Excellent written communication and documentation skills
Fluent in English and French
Strong stakeholder management and collaboration abilities
Ability to translate security requirements into practical business processes
Detail-oriented, structured, and effective with both technical and non-technical audiences
Able to challenge constructively while fostering collaboration
What Success Looks Like
Within your first year, you will
Maintain and continuously improve our ISO 27001 compliance posture and extend its scope to entities not yet covered
Improve the quality and efficiency of customer security interactions
Increase visibility of security KPIs and governance reporting
Strengthen security processes and evidence management across the organization
Become a trusted advisor to leadership and operational teams on governance, risk, and compliance matters
Why Join Us
You will play a central role in shaping the security maturity of a growing software organization. Working directly with the Head of IT and C-level executives, and alongside technical security specialists, you will have the opportunity to influence how security is embedded into our products, operations, and culture while helping the company scale in a secure and compliant way.