We are looking for a GRC Specialist who will be the backbone of our security compliance and customer assurance processes.
In this role, you will own real impact across sales, security, and engineering by driving customer trust, ensuring we meet the highest compliance standards, and helping close deals faster.
You’ll be deeply involved in security questionnaires, privacy assessments, vendor due diligence, and certification processes like SOC and ISO. You’ll help build and maintain our public-facing OX Trust Center, which is the centerpiece of how we demonstrate transparency and security excellence to customers and partners.
You’ll work across departments — from Sales to DevOps to R&D — and use innovative tools to make our GRC process fast, reliable, and scalable.
Responsibilities:
- Manage and respond to customer security and privacy questionnaires, collaborating closely with Sales to support POCs and deal closures.
- Administer and optimize the use of tools and platforms for managing questionnaires and compliance documentation.
- Build, update, and maintain the public OX Trust Center to ensure customers always have access to the latest certifications, security documentation, and transparency materials.
- Coordinate document management for certifications (SOC 2 Type II, ISO 27001) and ensure everything is audit-ready.
- Drive collaboration across Security, DevOps, and R&D teams to track and document compliance with security standards.
- Help maintain and continuously improve our internal security and compliance practices to meet evolving customer and industry demands.
- Maintain vendor security documentation and risk assessments.
- Ensure our third-party ecosystem meets OX Security’s trust and compliance standards.
- Support internal and external audits, ensuring evidence collection and readiness.
- Be a trusted partner to Sales, Security, and Product teams — translating customer compliance needs into actionable improvements inside OX Security.
Requirements:
- 1–3 years of experience in security compliance, GRC, risk management, or related fields.
- Hands-on experience responding to security and/or privacy questionnaires.
- Basic understanding of standards like SOC 2, ISO 27001, GDPR, and general cloud and application security principles.
- Familiarity with third-party risk management or vendor security evaluation (even basic experience is a plus).
- Strong organizational skills and attention to detail — you’ll be keeping track of hundreds of moving parts.
- Solid communication skills — you can explain technical and security concepts in clear, professional English (written and verbal).
- Ability to work independently while collaborating across multiple teams.
- Comfortable learning and managing compliance tools (experience with Vendict or similar is a big plus).