Job title: IT Security Specialist GRC
Job type: Permanent
Emp type: Full-time
Industry: IT Services and IT Consulting
Salary: Negotiable
Location: Porto
Job published: 25-09-2025
Job ID: 35183

Job Description

Job Brief

  • We are seeking an IT Security Specialist focused on Governance, Risk, and Compliance (GRC) to support the implementation of the company’s information and cybersecurity strategy. This role involves managing risks, maintaining security architecture, and ensuring compliance across IT and OT environments. You will work closely with the ISO and key stakeholders to strengthen the organization’s security posture. The position is based in Porto with a hybrid working model (2 days in the office per week).

Responsibilities

  • Assist the ISO in implementing the information and cybersecurity program and strategy.

  • Support the development and deployment of a risk management methodology aligned with company policies.

  • Ensure alignment between IT/OT security risk management and the overall corporate risk framework.

  • Provide guidance on risk activities and evaluate the effectiveness of security controls in IT and OT systems.

  • Monitor security risks by assessing control implementation, asset vulnerabilities, threats, and incidents.

  • Report risk trends to Risk Owners and relevant committees.

  • Develop and maintain security documentation, including standards, processes, procedures, guidelines, contractual clauses, and control catalogs.

  • Design and maintain a unified IT and OT security architecture, including a repository of principles, terminology, services, frameworks, and reference models.

  • Support first-line teams in identifying and addressing cybersecurity requirements for new products, projects, processes, and services.

  • Implement security awareness, training, and education programs across IT and OT environments.

  • Provide evidence of risk oversight and control implementation for internal and external audits.

  • Communicate program status and progress to key stakeholders.

  • Monitor compliance with security architecture and standards and collect metrics to guide decision-making.

Requirements & Skills

  • Bachelor’s degree in Cybersecurity, IT, Computer Science, or related fields.

  • At least 3 years of experience in Information Security GRC.

  • Strong knowledge of security frameworks (ISO 27001, ISO 27005, NIST, IEC 62443).

  • Familiarity with regulatory requirements (GDPR, NIS2, etc.).

  • Experience with risk management tools, compliance platforms, and security monitoring solutions.

  • Proven experience in conducting security audits and risk assessments.

  • Solid understanding of IT security principles, cloud security, and network security.

  • Willingness to travel within Europe when required.

  • Passionate about cybersecurity and staying updated on threats and trends.

  • Proficiency in English and Portuguese (minimum B2/C1).

Next steps:

  • Do you consider yourself the ideal candidate for this role? If so, take the next step and apply now. Our team will take care of the rest.