GRC Manager

Posted Yesterday
Be an Early Applicant
6 Locations
Remote
Senior level
Artificial Intelligence • Conversational AI
The Role
Operate and maintain Omilia's regulatory compliance and certification programs (ISO 27001, SOC 2 Type II, C5, PCI-DSS, Cyber Essentials). Manage ISMS, certification body relationships, SOC 2 readiness, GDPR operational controls (DPIAs, RoPA, data subject rights, cross-border transfers), live obligation tracking for DORA/NIS2/HIPAA/CCPA, incident and breach response governance, client compliance audits, and GRC automation platform administration.
Summary Generated by Built In

The GRC Manager owns Omilia's regulatory compliance programmes and certification portfolio end to end. This is a delivery role, not an advisory one: the person in it runs the ISMS, manages certification body relationships, drives data protection governance, and coordinates evidence across SOC 2, ISO 27001, and adjacent frameworks. Omilia operates under EU law with enterprise clients in regulated industries around the world. The GRC Manager is the operational backbone that keeps those relationships defensible and those certifications current.

Accountabilities

  • Own the full lifecycle of ISO 27001, SOC 2 Type II, C5, PCI-DSS, and Cyber Essentials certifications: scoping, evidence library, audit coordination, management responses, and remediation tracking.
  • Own the GDPR operational compliance framework: DPIA process, LIA and TIA governance, RoPA maintenance, breach response documentation, and cross-border transfer mechanisms in collaboration with the DPO.
  • Maintain active compliance frameworks for DORA, NIS2, HIPAA, CCPA/CPRA, and the EU Data Act, maintaining current obligation tracking and client assurance artefacts.
  • Own breach and incident response governance end to end: process, regulatory notification decision support, Art. 33/34 documentation, and the regulatory notification register.
  • Drive control owner accountability without direct authority: translate regulatory obligation into business consequence, manage evidence deadlines, escalate where necessary.

Key Responsibilities

  • Manage the ISMS evidence library, own the certification body relationship for ISO 27001 and C5.
  • Coordinate SOC 2 Type II readiness: TSC scoping, evidence collection, auditor engagement, report distribution, and management response drafting.
  • Maintain the RoPA, conduct DPIAs and LIAs, and manage data subject rights governance under GDPR.
  • Track and implement obligations under DORA, NIS2, HIPAA, CCPA/CPRA, EU Data Act, and Cyber Resilience Act as live regulatory requirements, not awareness items.
  • Coordinate BAA execution and PHI obligation documentation with Legal for healthcare accounts.
  • Run the compliance deliverable tracker; close loops on evidence collection without being managed.
  • Translate regulatory obligations into plain-language business impact and secure timely responses from technical and product stakeholders who do not report to this role.
  • Manage the end-to-end coordination of client compliance audits: evidence packs, management responses, findings remediation.
  • Maintain and administer the GRC automation platform, including uploading evidence and monitoring control status.

Requirements

Technical and Professional Skills

  • 4 to 8 years in the GRC field, with the majority in regulated B2B technology or SaaS environments.
  • ISO 27001 Lead Auditor or Lead Implementer credential (mandatory).
  • Demonstrated end-to-end SOC 2 Type II ownership: scoping, evidence coordination, auditor management, and management response, not just participation.
  • GDPR practitioner depth: DPIA, RoPA, data subject rights, cross-border transfer mechanisms (SCCs, BCRs). Not a legal role, but Regulation-level fluency is required.
  • Active working knowledge of DORA and NIS2 as live compliance obligations; familiarity with HIPAA BAA coordination and US state privacy law tracking (CCPA/CPRA) is a strong advantage.
  • Experience with a GRC automation platform at an operational level, not just as a user.

Soft and Behavioural Skills

  • Runs a personal compliance tracker, closes loops independently, and does not require follow-up to meet deadlines.
  • Translates regulatory obligation into business consequence in plain language and drives timely response from technical teams and product stakeholders without formal authority.
  • Treats business pushback as the beginning of a process, not the end: documents, escalates, and tracks to resolution.
  • Comfortable being the compliance practitioner in the room during an audit: composed, prepared, and accountable for management responses.
  • Operates with minimal supervision in a small, high-output team where there is no large department to absorb operational errors or deadline slippage.

Formal Requirements

  • Degree in Law, Business, Information Systems, or equivalent professional experience.
  • Business fluency in English (written and spoken) is mandatory.
  • No formal travel requirement; occasional travel to Greece for client audits or certification body engagements may arise.

Benefits
  • Fixed compensation;
  • Long-term employment with the working days vacation;
  • Development in professional growth (courses, training, etc);
  • Being part of successful cutting-edge technology products that are making a global impact in the service industry;
  • Proficient and fun-to-work-with colleagues;
  • Apple gear.

Omilia is proud to be an equal opportunity employer and is dedicated to fostering a diverse and inclusive workplace. We believe that embracing diversity in all its forms enriches our workplace and drives our collective success. We are committed to creating an environment where everyone feels welcomed, valued, and empowered to contribute their unique perspectives without regard to factors such as race, color, religion, gender, gender identity or expression, sexual orientation, national origin, heredity, disability, age, or veteran status, all eligible candidates will be given consideration for employment.

Skills Required

  • 4 to 8 years in GRC, primarily in regulated B2B technology or SaaS environments
  • ISO 27001 Lead Auditor or Lead Implementer credential
  • Demonstrated end-to-end SOC 2 Type II ownership (scoping, evidence coordination, auditor management, management responses)
  • Operational GDPR expertise: DPIA, RoPA, data subject rights, and cross-border transfer mechanisms (SCCs, BCRs)
  • Active working knowledge of DORA and NIS2 as live compliance obligations
  • Familiarity with HIPAA BAA coordination and US state privacy laws (CCPA/CPRA)
  • Operational experience with a GRC automation platform (administration/uploading evidence, monitoring controls)
  • Degree in Law, Business, Information Systems, or equivalent professional experience
  • Business fluency in English (written and spoken)
  • Proven ability to drive control owner accountability and close evidence collection loops without direct authority
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Larnaca
354 Employees
Year Founded: 2002

What We Do

At Omilia we are engaged to provide the most human-like human-to-machine communication experiences and technologies in order to help large enterprises improve the customer care experience. Starting out of a small garage, Omilia is now serving 1 billion conversations, in 30 languages, across 17 countries. With one of the fastest growing NLU solutions in the market, Omilia has been recognized as a Leader in the 2022 Gartner® Magic Quadrant™ for Enterprise Conversational AI Platforms, as well as in the IDC Marketscape for Worldwide Conversational AI Software Platforms for Customer Service 2021. Our technology allows the enterprise to take advantage of Open-Question customer care with end-to-end Self-Service to greatly improve customer experience and significantly decrease operational costs. In 2016 Omilia expanded to USA and Canada, counting 33 full production deployments worldwide and case studies with proven KPIs and ROIs across various industries.

Similar Jobs

Deepgram Logo Deepgram

Account Executive

Artificial Intelligence • Machine Learning • Natural Language Processing • Software • Conversational AI
In-Office or Remote
28 Locations
150 Employees

Deepgram Logo Deepgram

Account Executive

Artificial Intelligence • Machine Learning • Natural Language Processing • Software • Conversational AI
Remote
27 Locations
150 Employees

CodePath.org Logo CodePath.org

Senior Product Designer

Edtech • Social Impact
Easy Apply
Remote
37 Locations
55 Employees
148K-190K Annually
Easy Apply
Remote
37 Locations
55 Employees
140K-178K Annually

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
LTX Thumbnail
Conversational AI • Generative AI
Jerusalem, Israel
360 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account