
Governance, Risk & Compliance (GRC) Specialist

Job Description

We are looking for a Governance, Risk & Compliance (GRC) Specialist to join the Skroutz Security team. You will be hired directly by Skroutz S.A., enjoying the full benefits, culture, and engineering-first environment of the Skroutz Group, while your primary mission will be to operationalize security compliance and meet key regulatory, legal and compliance requirements across the group.

In this role, you will act as a subject matter expert for GRC requirements, mandates and obligations. While the CISO retains the formal role of Information Security Officer (IASPE) under NIS2 regulations, you will be delegated the autonomy to build frameworks, draft policies, and manage the day-to-day requirements of group entities, including a regulated courier provider.

The Split:

  • ~60% Skroutz Last Mile: Executing the compliance roadmap (NIS2, ADAE, ISO27001) and acting as the operational link between Engineering and Regulators for our regulated courier service entity.
  • ~40% Skroutz Group: Supporting the core Skroutz security team with internal audits, vendor risk assessments, and group-wide GRC tasks.

What you will do

Operational Compliance

  • Execute the Roadmap: You will implement the security strategy set by the CISO, ensuring entities meet the requirements of an “Important Entity” under NIS2 (Law 5160/2024) while ensuring full compliance with relevant national and European regulations (EU AI Act, CRA, DSA, etc.).
  • Manage Regulatory Relations: You will handle day-to-day communications and submissions to authorities (ADAE, EETT). Note: Ultimate regulatory accountability remains with the CISO, but you will ensure we are organized, timely, and compliant.
  • Policy & Documentation: Draft and maintain internal Information Security & Data Protection policies, the Policy for Assurance of Secrecy of Postal Services and other required ISMS documentation. You will work with the SRE teams to ensure these policies are practical, not just theoretical.
  • Collaboration with DPO: Work closely with our specialized DPO team to align data privacy efforts with security controls, policies and procedures, specifically regarding marketplace and courier service privacy regulations.
  • Incident Response: Be a primary point of contact for Incident Response procedures and ensure IR Plans are drafted, maintained, improved upon and executed as necessary, coordinating IR activities as needed with relevant stakeholders.

Frameworks & Audits

  • ISO 27001 Prep: Lead the groundwork for future ISO 27001 certification. You will perform gap analyses and coordinate with engineering teams to close those gaps.

  • Audit Facilitation: Act as the primary coordinator during external audits. You will prepare the evidence, schedule the sessions, and assist the CISO in demonstrating compliance.

  • Risk Management: Maintain and assist in updating the Skroutz risk register. Perform internal and third-party risk assessments and audits to align with group risk appetite and risk management frameworks.

  • Experience: 3+ years in Information Security Governance, Risk Management, or Compliance.

  • Regulatory Fluency: Ability to interpret Greek regulations (FEK, ADAE guidelines) and translate them into actionable tasks for technical teams.

  • Framework Knowledge: Familiarity with ISO/IEC 27001. Experience implementing or maintaining an ISMS is highly valued.

  • Collaborative Mindset: Be an enabler and a business driver. You can explain why a control is needed to an engineer without blocking their workflow while finding alternatives to achieve compliance.

  • Communication: Excellent command of Greek and English. You will draft formal documents for Greek authorities and technical reports in English.

Nice to Have

  • Experience in a regulated sector (Telecoms, Logistics, Banking) or familiarity with ADAE/EETT specificities.

  • Technical background (IT, Admin, or Engineering) that helps you understand the infrastructure you are protecting.

  • Certifications: CISA, CISM, CRISC, or ISO 27001 Lead Auditor/Implementer.

  • A great opportunity to contribute to the evolution of Skroutz towards becoming one of Europe’s fastest growing Marketplaces

  • Thrive in an environment that champions ambitious goals, empowers autonomy, fosters mentoring, and unlocks exciting opportunities for both personal and business growth

  • Competitive full-time salary

  • Ongoing training and development

  • Access to books, online courses, and relevant resources

  • Top-of-the-line tools and equipment

  • Private Medical Plan

  • Hybrid Working

  • Free gym membership at Golden Gym in Athens, plus OAKA cross training & running courses, Padel and online yoga

  • For all New Skroutz Fathers we offer 30 working days paternity leave (1,5 months in total)

  • Monthly childcare allowance for all Skroutz Parents

  • When at the office, we offer free food catering (breakfast & lunch)

  • Free Skroutz Plus subscription

As part of our dedication to the diversity of our workforce, Skroutz is committed to Equal Employment Opportunity without regard to race, color, national origin, ethnicity, gender, disability, sexual orientation, or religion.

Disclaimer:

Skroutz collects and processes personal data in accordance with the EU General Data Protection Regulation (GDPR). We are bound to use the information provided within your job application for recruitment purposes only and not to share these with any unauthorized third parties. Please read our Recruitment Privacy Policy here.
