Technical Security & GRC Lead

Company Description

Peer Security is a leader in cybersecurity innovation, specializing in web application, mobile, thick client, and infrastructure penetration testing. Founded by renowned industry researchers, the company is dedicated to safeguarding businesses’ digital assets against evolving cyber threats. Using advanced methodologies and tools, Peer Security delivers tailored solutions designed to meet clients' unique security needs while ensuring resilience and protection. Known for its commitment to excellence, the organization provides end-to-end security services, from assessment to post-engagement support, with a collaborative and customer-focused approach. Peer Security strives to be a trusted global partner, driving advancements in cybersecurity to secure the digital landscape of the future.

Role Description

We are looking for a Technical Security & GRC Lead with a CISO mindset , someone who takes full ownership of security and compliance, and knows how to bridge risk management, regulatory requirements, and real-world technical implementation.

This role combines leading organization-wide GRC and risk assessment processes with hands-on technical understanding of systems, infrastructure, and architecture. It requires strong ownership, the ability to lead cross-functional initiatives, and a project management approach alongside technical execution.

Responsibilities

• Lead GRC & Risk Management - Own and drive risk assessments, define methodologies, and implement Governance, Risk & Compliance processes across the organization.
• Security Standards & Policies Ownership - Define, implement, and continuously improve security policies and standards, ensuring alignment with actual technical practices.
• Translate Compliance into Engineering - Convert regulatory requirements (SOC2, ISO 27001, GDPR, etc.) into practical technical controls, processes, and automations.
• Project Leadership - Lead security initiatives end-to-end — from planning and prioritization to execution and delivery.
• Stakeholder Management - Work closely with engineering teams, leadership, and other stakeholders, effectively communicating complex security topics to both technical and non-technical audiences.
• Technical Understanding & System Perspective - Collaborate with DevOps and engineering teams, with a strong understanding of cloud environments, architectures, and development processes.
• Vulnerability & Threat Awareness - Understand penetration testing methodologies and standards such as OWASP Top 10, and translate findings into actionable improvements

Requirements

• 3+ years of experience in Security, with a strong focus on GRC and risk management  
• Hands-on experience leading risk assessments and compliance processes end to end 
• Experience working with frameworks and regulations (SOC2 / ISO 27001 / GDPR)  
• Familiarity with penetration testing concepts and standards such as OWASP Top 10  
• Proven experience leading cross-functional projects  
• Strong stakeholder management skills, with the ability to communicate with both technical and non-technical audiences
• Solid technical understanding of cloud environments (AWS), IAM, and system architecture  
• Experience working with DevOps and engineering teams  
• Fluent English (spoken and written) — MUST