Senior GRC Analyst (m,f,x)

We’re looking for a new teammate who will support the implementation and ongoing maintenance of information security compliance and certification programs, working with cross-functional internal teams and external auditing agencies. The person will also support data protection, data privacy, and third-party vendor risk management functions.

The position will be part of the Governance, Risk & Compliance (GRC) team at HelloFresh that is responsible for creating, maintaining and improving HelloFresh’s security risk management program and remediation activities; information security and data privacy related processes, policies, and guidelines; supporting compliance and certification related activities; and driving security awareness and education.

Above all, we are looking for people who willmake HelloFreshbetter.We believe there are many different ways of developing skills and we love diverse experiences! So even if you don’t “tick all the boxes” but think you’d thrive in this role, we would really like to learn more about you.

• Lead internal assessments and coordinate external compliance audits at planned intervals
• Evaluate and validate the design and operational effectiveness of security policies, standards, and internal controls to help reduce compliance risk in the company
• Monitor open items from internal assessments and external compliance audits to ensure completion of remediation activities
• Support continuous monitoring processes to assess compliance with information security policies and standards as well as legal and regulatory compliance requirements
• Assist as required with third-party vendor security reviews and assessments regarding their security and data privacy status
• Collaborate with various teams to identify, document, assess and remediate security risks
• Participate in the development and implementation of security policies, standards, security awareness and end-user education efforts
• Develop comprehensive and accurate reports and presentations on the compliance landscape for both technical and executive audiences
• Use formal project management skills in planning, tracking, and reporting to drive remediation activities

• 3+ years' experience in performing compliance activities in a corporate environment related to IT General Controls (ITGC), SOC 2, ISO 27001, PCI DSS, EU NIS2, and various data privacy directives (GDPR, CCPA/CPRA, etc.)
• Ability to interpret compliance regulations and map them to the actual implementation of systems, whilst referencing various security frameworks
• Experience supporting data privacy regulations (GDPR, CCPA) and third-party risk management programs
• Experience with developing and executing security awareness programs and trainings
• Highly organized and detail-oriented, with an ability to work independently
• Industry compliance certifications (CISA, CISM, CISSP) are a plus
• Prior experience working in a SaaS environment, mainly Cloud and AWS-based

Elevate your lifestyle! Join one of Europe's fastest-growing tech powerhouses in a dynamic phase of expansion.

• Immerse yourself in a diverse global community of 90+ nationalities.
• Enjoy a competitive compensation package that goes beyond the norm, with perks like a HelloFresh- subsidized Pension Scheme, Berlin relocation support, and a Hybrid working model.
• Elevate your lifestyle with exclusive discounts on your weekly HelloFresh box and office meals.
• Invest in your growth with a German language learning budget, and access to the HelloFresh Academy.
• Plus, we've got your well-being covered with mental health support, transportation perks, and working-parent-friendly benefits. From our 24/7 gym access,wellbeing platforms like Headspace and Spill, to sabbatical leave options, HelloFresh is not just a workplace; it's a lifestyle of perks and possibilities!

HelloFresh is committed to the principles of equal employment opportunity and providing reasonable accommodations to candidates with disabilities. If you need an accommodation during the application process, please reach out to us at:

Europe: EUaccommodations@hellofresh.com.
APAC: APACaccommodations@hellofresh.com
United States: USCandidateAccommodations@hellofresh.com
Canada: CAaccommodations@hellofresh.com

*

indicates a required field

First Name *

Last Name *

Email *

Phone *

Resume/CV *

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

When is your earliest availability? *

What are your salary expectations? *

Do you have an EU passport or a valid work visa/permit? * Select...

What Gender Do You Identify As? * Select...

Dear potential newHelloFresher.We are thrilled to see your interest in our positions here atHelloFresh! We genuinely care about diversity and inclusion. We hope you cananswer our question above, which will be used to analyze and improve our diversity and inclusion efforts.

Please, note that your gender will not be disclosed to our talent acquisition team or linked to your application by any way. By sharing 'how you identify', you explicitly consent to the processing of this information and to HelloFresh adding this information to an aggregated data set, which will be used for analysis.

Should you choose to not participate, please select “Prefer Not to Disclose”. Not participating will not have any negative impact on your application, and your answer will not be identified with you individually.

We thank you in advance!

Where do you currently live? * Select...

Do you have any access requirements you would like us to be aware of?

Have you been referred by a HelloFresh Alumni? *

Yes

No

I worked at HelloFresh

If you were referred, please indicate the first and last name of your referral *

Have you been previously employed by HelloFresh SE, Hellofresh SE & Co.KG, or HelloFresh Deutschland Produktions SE & Co.KG? * Select...

This includes all types of employment within the respective entity