Track This Job
Add this job to your tracking list to:
- Monitor application status and updates
- Change status (Applied, Interview, Offer, etc.)
- Add personal notes and comments
- Set reminders for follow-ups
- Track your entire application journey
Save This Job
Add this job to your saved collection to:
- Access easily from your saved jobs dashboard
- Review job details later without searching again
- Compare with other saved opportunities
- Keep a collection of interesting positions
- Receive notifications about saved jobs before they expire
AI-Powered Job Summary
Get a concise overview of key job requirements, responsibilities, and qualifications in seconds.
Pro Tip: Use this feature to quickly decide if a job matches your skills before reading the full description.
We are looking for a GRC Analyst to join our Client’s team under a hybrid work model.
At Hexa Consulting, we are more than an IT consulting company — we are a place where technological talent grows. Based in Portugal, we value transparency and a people-first approach, helping professionals take the next big step in their IT careers. Our mission is to build strong relationships and support the development of every team member.
With projects in Nearshore, Time & Material, Service Management, and Tech Academies, you will find opportunities to learn, innovate, and grow in your career.
Work Model depending on where you live:
- Within 70 km of Lisbon office — 1x per WEEK on-site
- Over 70 km of Lisbon office — 2x per MONTH on-site
Key Responsibilities:
- Support the design, implementation, and maintenance of the Information Security Management System (ISMS) aligned with ISO 27001
- Contribute to compliance efforts with NIS2 and other regional cybersecurity regulations
- Conduct and document risk assessments, control testing, and remediation follow-ups
- Drive the Risk Management (RM) and Third-Party Risk Management (TPRM) process lifecycle
- Collaborate with technical and business teams to ensure consistent governance and security controls
- Prepare and deliver audit support documentation, risk reports, and policy updates
- Participate in cybersecurity projects as a workstream lead or project contributor
Required Qualifications:
- 2+ years of experience for a Junior level position or 5+ years for a Middle+ level position in information security, risk management, or IT governance
- Solid understanding of ISO 27001, NIST CSF, and NIS2 Directive requirements
- Strong communication and documentation skills in English (written and spoken)
- Experience with project management practices or methodologies
- Hands-on experience with compliance tools, risk registers, or GRC platforms
- Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent professional experience
Preferred Qualifications:
- Professional certifications such as ISO 27001 Lead Implementer/Auditor, CISM, CRISC, or CISSP
- Previous experience in a multinational or supply chain environment
Why Join Us?
- Contract Type: Permanent / Employment or B2B, according to preference
- Health Insurance: Comprehensive coverage for your well-being
- Hybrid Model: Flexible hybrid work arrangement
- Continuous Learning: Access to a Udemy Business subscription with thousands of courses and workshops
- Team Culture: A collaborative, relaxed, and innovative environment
If you meet the above criteria and are ready for an exciting opportunity in a dynamic environment, send us your CV!
Key Skills
Ranked by relevanceReady to apply?
Join Hexa Consulting and take your career to the next level!
Application takes less than 5 minutes