FREE ACCESS
5,000–10,000 jobs/day

See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

GRC Manager
Omilia - Conversational IntelligenceGRC Manager managing compliance with ISO 27001, SOC 2, and related frameworks at Omilia. Operating end-to-end compliance for enterprise clients in regulated industries.
About the role
Key responsibilities & impact- Own the full lifecycle of ISO 27001, SOC 2 Type II, C5, PCI-DSS, and Cyber Essentials certifications: scoping, evidence library, audit coordination, management responses, and remediation tracking.
- Own the GDPR operational compliance framework: DPIA process, LIA and TIA governance, RoPA maintenance, breach response documentation, and cross-border transfer mechanisms in collaboration with the DPO.
- Maintain active compliance frameworks for DORA, NIS2, HIPAA, CCPA/CPRA, and the EU Data Act, maintaining current obligation tracking and client assurance artefacts.
- Own breach and incident response governance end to end: process, regulatory notification decision support, Art. 33/34 documentation, and the regulatory notification register.
- Drive control owner accountability without direct authority: translate regulatory obligation into business consequence, manage evidence deadlines, escalate where necessary.
- Manage the ISMS evidence library, own the certification body relationship for ISO 27001 and C5.
- Coordinate SOC 2 Type II readiness: TSC scoping, evidence collection, auditor engagement, report distribution, and management response drafting.
- Maintain the RoPA, conduct DPIAs and LIAs, and manage data subject rights governance under GDPR.
- Track and implement obligations under DORA, NIS2, HIPAA, CCPA/CPRA, EU Data Act, and Cyber Resilience Act as live regulatory requirements, not awareness items.
- Coordinate BAA execution and PHI obligation documentation with Legal for healthcare accounts.
- Run the compliance deliverable tracker; close loops on evidence collection without being managed.
- Translate regulatory obligations into plain-language business impact and secure timely responses from technical and product stakeholders who do not report to this role.
- Manage the end-to-end coordination of client compliance audits: evidence packs, management responses, findings remediation.
- Maintain and administer the GRC automation platform, including uploading evidence and monitoring control status.
Requirements
What you’ll need- 4 to 8 years in the GRC field, with the majority in regulated B2B technology or SaaS environments.
- ISO 27001 Lead Auditor or Lead Implementer credential (mandatory).
- Demonstrated end-to-end SOC 2 Type II ownership: scoping, evidence coordination, auditor management, and management response, not just participation.
- GDPR practitioner depth: DPIA, RoPA, data subject rights, cross-border transfer mechanisms (SCCs, BCRs). Not a legal role, but Regulation-level fluency is required.
- Active working knowledge of DORA and NIS2 as live compliance obligations; familiarity with HIPAA BAA coordination and US state privacy law tracking (CCPA/CPRA) is a strong advantage.
- Experience with a GRC automation platform at an operational level, not just as a user.
- Soft and Behavioural Skills
- Runs a personal compliance tracker, closes loops independently, and does not require follow-up to meet deadlines.
- Translates regulatory obligation into business consequence in plain language and drives timely response from technical teams and product stakeholders without formal authority.
- Treats business pushback as the beginning of a process, not the end: documents, escalates, and tracks to resolution.
- Comfortable being the compliance practitioner in the room during an audit: composed, prepared, and accountable for management responses.
- Operates with minimal supervision in a small, high-output team where there is no large department to absorb operational errors or deadline slippage.
Benefits
Comp & perks- Fixed compensation;
- Long-term employment with the working days vacation;
- Development in professional growth (courses, training, etc);
- Being part of successful cutting-edge technology products that are making a global impact in the service industry;
- Proficient and fun-to-work-with colleagues;
- Apple gear.
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
ISO 27001 ManagementSOC 2 Type II CoordinationGDPR ComplianceDPIA Process ManagementRoPA MaintenanceBreach Response DocumentationRegulatory Notification ManagementEvidence CollectionAudit CoordinationClient Compliance Audits
Soft Skills
Independent Deadline ManagementEffective CommunicationProblem-SolvingComposure Under PressureStakeholder Engagement
Certifications
ISO 27001 Lead AuditorISO 27001 Lead Implementer