Ramūnas Volkovas
+370 677 44543
ramunas@indigroup.lt
We’re looking for an Information Security & GRC Methodology Officer to join the Product team and shape the security and GRC methodologies that power the Copla platform. The methodologies and structures you help build will be used by many organisations across Europe and will directly enable them to achieve and maintain regulatory compliance.
You will join the Product development team and will be responsible for defining, developing, and continuously improving the security and compliance frameworks, methodologies, and governance standards. This role ensures alignment with global regulatory requirements and industry best practices, including frameworks such as ISO/IEC 27001, NIS / NIS2, COBIT, and applicable privacy regulations like GDPR.
Important: this is not a traditional CISO role. You will not be responsible for company or client compliance, audits, or advisory engagements. Your role sits within Product, focusing on GRC methodology, framework logic, and design.
Key Responsibilities:
Strategy & Framework Development
- Design and maintain enterprise-wide security and compliance methodologies.
- Establish governance structures, control libraries, policy frameworks, and security baselines.
- Align internal methodologies with international standards (ISO 27001, NIST CSF, SOC 2, etc.).
- Shape the methodology behind policy automation, ensuring policies align with regulatory frameworks and are practical to implement.
- Design framework mappings and structures that can be embedded into software (controls, workflows, relationships).
- Work closely with PO, Engineering, and UX teams to ensure methodologies are technically sound and aligned with both regulatory and user expectations.
Risk & Compliance Oversight
- Oversee risk assessment methodologies and ensure consistent application.
- Contribute to the design of security and compliance awareness trainings, embedding regulatory and security best practices into structured learning content.
- Translate regulatory and security frameworks into clear, structured, and scalable product logic that can be reused across many organisations.
- Standardize control testing, monitoring, and reporting practices.
- Provide strategic direction for audit readiness and certification initiatives.
- Interpret new and evolving regulations and translate them into actionable controls.
Qualifications:
- Bachelor’s degree in Information Security, Computer Science, Risk Management, or related field.
- 5+ years of experience in cybersecurity, governance, risk, compliance or GRC methodology officer roles.
- Strong hands-on knowledge of security frameworks and regulatory standards (ISO 27001, DORA, NIS / NIS2, PCI DSS, GDPR, etc.).
- Proven experience leading audit and certification programs.
- Practical experience applying these frameworks in financial services, fintech, or other regulated environments.
- Solid understanding of risk management and GRC methodology (risk registers, BIA, controls, governance).
- Ability to think structurally and product-first, not just from a compliance or audit perspective.
- Strong written communication skills: you can explain complex topics clearly and precisely.
- Strong analytical, documentation, and communication skills.
Nice to have
- Industry certifications (e.g. CISSP, CISM, ISO 27001 LA/LI, etc.).
- Experience designing or harmonising GRC models and methodologies.
- Experience creating or structuring security awareness training content.
- Prior experience working closely with product or engineering teams.
What We Offer:
- Environment for real impact: Got an idea that’ll make the Copla product better? Share it, get feedback, fine-tune, and take action. We trust expertise and value ownership.
- Work from anywhere: Office (Raitininkų str., Vilnius), co-working space, home, in the motorhome? Let’s make sure your workspace works for you. Not vice versa.
- A collaborative work environment: you will be surrounded by open-minded people in the team who are striving for a common goal.
- Hot topic: The chance to work on cybersecurity products that make a real difference.
- Salary: 5500 – 7000 EUR before taxes.
Other perks
- Personal learning budget: courses / certifications.
- Conference budget.
- Internal mentorship programs.
- Regular offsites.
- Additional days off for parents.