Information Security Governance, Compliance and Risk Officer
About inpart
inpart is the industry-leading provider of partnering technology solutions tailored for the biopharma realm. Serving the majority of the globe's top-tier pharmaceutical enterprises and emerging biotechs, our platform champions streamlined partnerships. Our unique strength is found in our diverse and international team, with over 35 nations represented. We are united by our core values: care, diversity, and excellence.
Job Overview
The Information Security Governance, Compliance & Risk Officer will oversee compliance management, risk management, and governance activities to ensure the organization's information security standards are met and continuously improved.
This position plays a pivotal role in maintaining compliance with frameworks such as ISO 27001 and SOC 2, managing security documentation, internal controls, and incident response processes. The role will support the implementation of security-related projects and respond to queries about security controls. You will collaborate with the IT & Security Director and the Security Administrator, as well as other teams across the organization.
Activities
Compliance Management:
- Implement and maintain the organization’s compliance strategy with information security standards, including ISO 27001, SOC 2, and other frameworks.
- Define the controls schedule, implement/update the controls, manage their realization, and report on the activities.
- Conduct internal audits to identify compliance gaps and lead remediation efforts.
- Collaborate with external auditors to maintain certifications.
Risk Management:
- Perform risk assessments to identify, evaluate, and mitigate security risks.
- Maintain the organization's risk register and ensure action plans are implemented.
- Regularly report risk metrics and remediation progress to stakeholders.
Governance and documentation:
- Maintain and update information security policies, procedures, and ISMS documentation.
- Coordinate incident management, including tracking, resolution, and post-incident reviews.
- Support security-related projects by providing governance and compliance expertise.
Customer assistance:
- Manage responses to client and internal security queries, ensuring timely and accurate communication.
- Collaborate with cross-functional teams to address security-related requirements in contracts or RFPs.
Collaboration and awareness:
- Work closely with the Security Administrator to implement technical controls and ensure alignment with compliance requirements.
- Support security awareness initiatives and training within the organization.
Qualifications
- Bachelor's or master's degree in Information Security, Computer Science, or a related field (or equivalent experience).
- Previous experience in GRC (not necessarily in information security).
- Knowledge of ISO 27001 / SOC 2 standards; certifications are a plus (e.g., ISO 27001 Auditor, CISSP, CISM).
- Experience with risk management methodologies (e.g., ISO 27005, EBIOS RM).
- Excellent written and verbal communication skills in English.
- Strong organizational and project management skills.
- Proactive mindset with the ability to work both independently and collaboratively.
- Posted: Mar 31, 2025
- Type: Full-time
- Level: Not Applicable
- Location: Lyon
- Company: Inpart