We are looking for a Middle Cybersecurity Specialist / GRC Specialist to join our team in developing a product for our client based in the USA and Canada. Our client is a globally recognized SaaS company operating in the healthcare domain and dedicated to improving hearing care worldwide. Their platform is used by independent hearing care practices and major retailers across 13 countries.
Required experience in the following areas:
Third-party risk management and vendor assessment programs
Review and analysis of compliance certifications and audit reports, including SOC 1, SOC 2, ISO 27001, ISO 27701, HIPAA, GDPR, PCI-DSS, and similar frameworks
Understanding of Governance, Risk, and Compliance (GRC) principles and controls
Ability to assess vendor responses, identify control gaps, and document risks and observations
Familiarity with information security, privacy, and regulatory requirements applicable to SaaS and healthcare environments
Strong written communication skills and experience producing professional assessment reports and risk summaries
Experience working with risk registers, remediation tracking, and vendor due diligence processes
The expected scope of work would include:
Reviewing vendor-provided security and compliance documentation
Evaluating certifications, audit reports, questionnaires, and supporting evidence
Completing our standardized vendor assessment template
Documenting findings, observations, risks, and recommendations
Escalating complex or high-risk findings for internal review where required
Maintaining assessment records and supporting documentation within our document reporting system
We offer friendly working conditions with competitive compensation and benefits, including:
Comfortable working environment
Friendly team and management
Free English classes
Flexible working hours
Corporate and team building events


