About Ibexa
Ibexa is a European marketing orchestration platform that empowers organisations to deliver seamless, data-driven customer experiences across the entire digital journey. By unifying content management, customer data, engagement, product information, and interactive data collection capabilities — including solutions such as Qualifio, Raptor, Quable, Actito — Ibexa enables marketing and digital teams to break down silos and orchestrate high-impact, personalised experiences at scale. We are a team of more than 350 professionals across Europe. As Ibexa continues to expand its footprint across Europe and beyond, we are looking for ambitious sales professionals who are eager to help organisations transform their marketing ecosystems and unlock new growth opportunities.
About the Role
We are looking for a GRC Lead to help build, operate, and continuously improve our security governance framework across a growing SaaS organisation.
As a key member of the IT Security team, you will own the governance, risk, compliance, and certification dimensions of our security program. You will work closely with Engineering, Infrastructure, Internal IT, HR, Legal, Product, and executive leadership to ensure that security requirements are properly defined, documented, monitored, and evidenced.
You will be the primary owner of our ISO 27001 roadmap, risk management framework, security policies, client security questionnaires, and auditor interactions.
This role combines strategic thinking, operational execution, stakeholder management, and a pragmatic approach to compliance.
What You Will Do
Governance & Compliance
1. Own and maintain the company's Information Security Management System (ISMS)
2. Lead the ISO 27001 certification and continuous improvement roadmap
3. Define, document, and continuously improve security policies, standards, procedures, and controls
4. Ensure security governance remains aligned with business objectives and regulatory requirements
5. Coordinate security-related activities with Legal, HR, DPO, Internal IT, Infrastructure, and Product teams
Risk Management
6. Own and maintain the corporate security risk register
7. Facilitate risk identification, assessment, treatment, and follow-up activities
8. Drive remediation planning and ensure appropriate tracking of security actions
9. Support management decision-making through risk-based recommendations
Client & External Security Interactions
10. Lead responses to customer security questionnaires and due diligence requests
11. Coordinate security-related discussions during sales cycles and customer audits
12. Act as the primary point of contact for external auditors and certification bodies
13. Coordinate penetration testing engagements and remediation follow-up
14. Prepare security documentation and evidence packages for customers and auditors
Security Processes & Reporting
15. Define and maintain security processes across the organization
16. Coordinate incident follow-up processes and post-incident action tracking
17. Produce governance dashboards and security reporting for leadership
18. Contribute to KPI definition and measurement frameworks
19. Support quarterly security committees and executive security reviews
Cross-Functional Collaboration
20. Work closely with the Technical Security Lead on security initiatives
21. Partner with Infrastructure, Internal IT, and Engineering teams to ensure compliance requirements are effectively implemented
22. Support security awareness initiatives and company-wide security programs
23. Contribute to the continuous improvement of Technical and Organizational Measures (TOMs)
What we are looking for
24. 5+ years in GRC, Information Security, Internal Audit, or a related field
25. Hands-on experience with ISO 27001, security audits, compliance assessments, and risk management
26. Experience handling customer security reviews and questionnaires
27. Background in SaaS, cloud, software, or technology environments
28. Strong understanding of information security governance and risk management
29. Familiarity with security frameworks such as ISO 27001, SOC 2, and NIST
30. Knowledge of cloud environments, software development, and data privacy principles
Skills
31. Excellent written communication and documentation skills
32. Fluent in English and French
33. Strong stakeholder management and collaboration abilities
34. Ability to translate security requirements into practical business processes
35. Detail-oriented, structured, and effective with both technical and non-technical audiences
36. Able to challenge constructively while fostering collaboration
What Success Looks Like
Within your first year, you will
37. Maintain and continuously improve our ISO 27001 compliance posture and extend scope to entities not covered yet
38. Improve the quality and efficiency of customer security interactions
39. Increase visibility of security KPIs and governance reporting
40. Strengthen security processes and evidence management across the organization
41. Become a trusted advisor to leadership and operational teams on governance, risk, and compliance matters
Why Join Us
You will play a central role in shaping the security maturity of a growing software organization. Working directly with the Head of IT and C-level executive and alongside technical security specialists, you will have the opportunity to influence how security is embedded into our products, operations, and culture while helping the company scale in a secure and compliant way.