About the company
As an Austrian-founded company, our company headquarters is located in Vienna, so you'll notice a lot of our roles target here. However, as we also have talent hubs in other cities across Europe (Amsterdam, Berlin, Barcelona, Bucharest) many of our positions are open to these locations as well.
Job Summary
What you’ll do
📍Governance & control framework ownership: Own and maintain parts of the ISMS; ensure policies/standards are implemented in a measurable way; support security-by-design governance for new initiatives. 📍Assurance & audit execution: Plan and run audit readiness activities (ISO 27001/SOC 2/internal audit/regulatory requests): timelines, evidence plans, stakeholder coordination; review evidence for quality (period coverage, completeness, traceability), challenge gaps, and drive remediation with control owners; draft clear, consistent responses to auditors and internal stakeholders; maintain an action plan and verify closure. 📍Risk management: Facilitate risk assessments for systems/projects/vendors with appropriate depth; document outcomes and treatment plans; maintain the risk register quality; identify systemic themes (repeat findings, control weakness patterns) and propose improvements to reduce residual risk. 📍Third-party risk & compliance enablement: Lead parts of third-party risk management: due diligence reviews, tracking remediation commitments, and supporting security contractual requirements; Partner with Procurement/Legal/Business owners to ensure proportionate security requirements for vendors (especially critical service providers). 📍Control testing & continuous improvement: Execute control design/operating effectiveness testing for a defined control set; document results and recommend improvements; produce GRC reporting and metrics for leadership (audit status, overdue actions, risk trends, control health indicators); improve GRC workflows through templates, playbooks, automation, and tooling (where applicable).
Who you are
📍You’re proactive and ownership-driven: you don’t wait to be told what’s missing; you spot gaps and fix them. 📍You can balance rigor with pragmatism, applying controls proportionate to risk and business criticality. 📍You write clearly and persuasively, especially when documenting controls, risks, and audit responses. 📍You’re comfortable challenging constructively; asking “show me” and improving evidence and control quality without being obstructive. 📍You’re collaborative and calm under deadline pressure (audits, regulator requests, and escalations).
If this role isn’t the perfect fit, there are plenty of exciting opportunities in blockchain technology, cryptocurrency startups, and remote crypto jobs to explore. Check them on our Jobs Board.
