Governance, Risk, and Compliance Specialist Porto

Governance, Risk, and Compliance Specialist
Porto
Porto, Porto District, Portugal

TIMWETECH is a multinational company that is positioned as a digital enabler for mobile operators, operating in more than 80 countries through 30 offices. Outside of our core Latin American and Middle Eastern markets, we are rapidly consolidating our position across Africa, Eastern Europe and the Asian regions.

Are you looking to accelerate your career in a
- paced environment with a thriving and innovative company? If so, this is the opportunity for you! Welcome to a different kind of company: TIMWETECH!

We are looking for talent to sustain our growth and maintain a clear focus on new fashion technologies and, in this context, we are currently looking for a Governance, Risk, and Compliance Specialist to work in the city of Lisbon.

We are seeking a highly motivated and
- oriented Governance, Risk, and Compliance (GRC) Specialist to support our efforts in maintaining and enhancing our compliance with ISO 27001, ISO 9001, PCI-DSS, and GDPR. The ideal candidate will have a strong understanding of governance frameworks, risk management methodologies, and regulatory compliance requirements, with proven experience in these areas.

Responsibilities:

• Develop, implement, and maintain governance frameworks and policies aligned with industry standards.
• Conduct risk assessments and propose mitigation strategies for identified vulnerabilities.
• Manage and support internal and external audits for ISO 27001, ISO 9001, PCI-DSS, and GDPR compliance.
• Ensure the organization adheres to data protection regulations and best practices.
• Monitor changes in relevant standards and regulations and update policies accordingly.
• Provide training and awareness programs to employees on compliance, cybersecurity, and risk management.
• Collaborate with IT and security teams to align compliance efforts with information security objectives.
• Prepare and present compliance reports to senior management and stakeholders.

Requirements:

• Proven experience in governance, risk, and compliance roles, preferably in an organization certified in ISO 27001, ISO 9001and PCI-DSS.
• In-depth knowledge of GDPR and other data protection regulations.
• Strong understanding of cybersecurity frameworks, risk management methodologies, and information security practices.
• Experience with audit processes and certification requirements.
• Excellent written and verbal communication skills in English (additional languages are a plus).

Preferred Skills and Knowledge:

• Certification in ISO 27001 Lead Auditor/Implementer or similar qualifications.
• Familiarity with data protection tools and techniques.
• Familiarity with ITIL or similar service management frameworks.
• Strong analytical skills and attention to detail.
• Ability to work independently and as part of a team.

Experience:

• At least 3-5 years of experience in GRC roles or similar positions.
• Hands-on experience with maintaining compliance for certifications like ISO 27001, PCI-DSS, and GDPR.

Why Join Us?

• Opportunity to work in a dynamic and innovative environment.
• Exposure to international compliance and governance standards.
• Professional growth and training opportunities.