Job description
Job Title: GRC Specialist
Type of employment: Permanent, Full-Time, Remote
Location: This is a remote role based in either the UK, Bulgaria or Portugal. You need to be currently based in one of these locations and have the right to work without visa sponsorship. We are unable to offer visa sponsorship for this position.
About ZigZag Global
We are Returns! We’re an award-winning eCommerce returns business founded in 2015 by our CEO, Al Gerrie. We live to push boundaries of smarter returns, and we want a thriving retail world where every customer experience is both delightful and considered, everything we buy can be loved and re-loved and preserving our planet is part of the fabric of how we shop.
Today, more than 200 companies across 130 countries use our SaaS platform to help reduce the cost, friction, and impact of returns. Our leading enterprise retail clients include Zara, Superdry, New Look, Boden, Selfridges, Sports Direct, The Hut Group, and Swarovski, not to mention our Whitelabel partnership with the world’s biggest logistics businesses like DHL, Evri, and FedEx.
In March 2021, ZigZag was acquired by Global Blue, an industry leader in tax-free shopping, strengthening our reach across the global retail industry and allowing us to continue to do what we do best: help retailers manage and re-sell their returns.
At ZigZag, we embody a set of values that lies at the core of our workplace culture. Our dedication to the Start-up Spirit, Human Heart and Grown-up Mindset defines our collaborative spirit and shapes our collective success.
Passionate and Collaborative Minds Wanted:
You’ll join a brilliantly diverse group across Europe. We believe a business is strongest when its teams are both inclusive and diverse. We recognise and aim to challenge everyday biases, remove obstacles to inclusion and ensure all our people can thrive and be themselves.
If you are passionate about making a positive impact, caring for both colleagues and clients, and embracing a collaborative mindset, we invite you to apply. Join us in building a workplace where every contribution matters, and each team member feels a profound sense of belonging and value.
About the Information Security Team
We’re a small and agile security team currently scaling our capabilities to meet increased customer demand and compliance expectations. The team is responsible for securing our infrastructure, customer data, and business operations while helping ZigZag maintain trust and transparency across the board. We work cross-functionally with Engineering, IT, Legal, and Sales. The GRC Specialist will lead on governance, risk, and compliance efforts and act as the key interface for all audit and assurance activities.
Our philosophy around building ZigZag Tech
We work in agile, cross-functional teams that combine engineering, product, and security. Our environments are cloud-native and built to scale globally. Collaboration, continuous improvement, and ownership are baked into our delivery culture.
Person’s profile
We are in search of a GRC Specialist who resonates with our Purpose, Vision, and Values and is eager to contribute to a team where these principles are more than words – they guide our actions. Your commitment to fostering positive relationships, whether with colleagues or customers, will help create an environment where everyone feels appreciated and valued.
Key Responsibilities:
- Develop and maintain security policies, standards, and procedures aligned with ISO 27001, GDPR, and NIS2.
- Manage the enterprise risk register and perform regular risk assessments.
- Lead internal and external audit readiness and evidence collection.
- Handle customer security questionnaires, RFP responses, and third-party assessments.
- Own and deliver employee security awareness training.
- Oversee supplier security risk management processes and due diligence reviews.
- Monitor and report on control effectiveness, producing regular metrics and insights.
- Collaborate with stakeholders across the business to embed GRC best practices.
What you’ll need to be successful:
- Extensive experience in a GRC, cybersecurity, or compliance-focused role.
- Strong understanding of ISO 27001, NIS2, GDPR, and risk management frameworks.
- Proven track record in managing audits, risk registers, and policy frameworks.
- Ability to interface confidently with technical and non-technical stakeholders.
- Familiarity with GRC tools like Vanta, Drata, or similar is a plus.
- Experience working in a SaaS or cloud-native (AWS/GCP/Azure) environment preferred.
- Strategic Thinking: Apply a “Grown-up Mindset” by approaching tasks with a strategic perspective, making well-informed decisions that contribute to the overall success of the team and the organization.
- Tenacious Problem-Solving: Exhibit tenacity in addressing challenges, embodying the value of “Be Tenacious” by persistently seeking solutions and overcoming obstacles.
- Adaptability to Roll with Zig days and Zag days: Embrace flexibility and adaptability, recognizing that workdays may present unexpected shifts and challenges.
Benefits:
- Competitive holiday allowance, plus bank holidays, plus an additional day of holiday after every full year of service (up to 5 additional days), plus a bonus day off for your birthday
- Flexible working options
- Healthcare insurance (location specific)
- Home office equipment budget
- Annual L&D budget and time to utilize it
- Employee referral bonus scheme
- Summer working hours
- Food vouchers (location specific)
- Mental health support
For a detailed breakdown of our benefits based on location, please see the ZigZag Careers Page.
If you are interested, please send your CV in English.
Your application will be reviewed with strict confidentiality. Only the short-listed candidates will be contacted for an interview. By providing your personal data, you explicitly agree that it will be processed for the purpose of recruiting and for the purpose of the possible signing of a labour contract and will be stored and operated by “ZigZag Global” EOOD in their capacity of the personal data controller and personal data processor in accordance with the effective legislation. Please bear in mind that by doing so you give permission for your resume to be shared with other parties of the ZigZag Global Group.