Job Drop Berlin: Your Way Into Berlin Tech

Senior GRC Analyst (m,f,x)

HelloFresh

  • Seniority: Senior
  • Model: Hybrid
  • Sector: Consumer
  • Salary: Undisclosed
  • Contract: Full-Time

About the role

Support the implementation and ongoing maintenance of information security compliance and certification programs, working with cross-functional internal teams and external auditing agencies. The role also supports data protection, data privacy, and third-party vendor risk management functions as part of the Governance, Risk & Compliance (GRC) team.

What you'll do

  • Lead end-to-end compliance readiness for NIS2 and support alignment across other key frameworks (e.g., PCI DSS, CSRD, ISO/SOC and EU AI Act).
  • Plan and execute internal control assessments and coordinate external compliance audits on a defined cadence.
  • Translate regulatory requirements into practical controls; drive cross-functional implementation across international teams.
  • Own remediation management: track findings, evidence, owners, deadlines, and report status to stakeholders.
  • Improve GRC maturity through continuous monitoring, clear documentation, and mentoring junior team members.
  • Evaluate and validate the design and operational effectiveness of security policies, standards, and internal controls.
  • Develop comprehensive and accurate reports and presentations on the compliance landscape for both technical and executive audiences.

What you'll need

  • 3+ years' experience performing compliance activities in a corporate environment related to IT General Controls (ITGC), SOC 2, ISO 27001, PCI DSS, EU NIS2, and various data privacy directives (GDPR, CCPA/CPRA, etc.).
  • Ability to interpret compliance regulations and map them to the actual implementation of systems, whilst referencing various security frameworks.
  • Experience supporting data privacy regulations (GDPR, CCPA) and third-party risk management programs.
  • Experience developing and delivering security awareness programs and training.
  • Highly organized and detail-oriented, with an ability to work independently.

Nice to have

  • Industry compliance certifications (CISA, CISM, CISSP).
  • Prior experience working in a SaaS environment, mainly Cloud and AWS-based.

What they offer

  • Competitive compensation package with HelloFresh-subsidized Pension Scheme.
  • Berlin relocation support and hybrid working model.
  • Exclusive discounts on HelloFresh boxes and office meals.
  • German language learning budget and access to HelloFresh Academy.
  • Mental health support, transportation perks, and working-parent-friendly benefits.
  • 24/7 gym access, wellbeing platforms like Headspace and Spill, and sabbatical leave options.