GRC & Client Assurance Specialist

Join beqom - where tech meets impact

beqom is a high-growth B2B SaaS company that provides industry-leading tools for pay equity and transparency, compensation, and performance management.

Trusted by some of the world's most respected companies, beqom enables HR and business leaders to navigate global compliance and make smarter pay decisions that attract, retain, and motivate top talent.

Founded in Switzerland and serving clients worldwide, our powerful, enterprise-ready products are fueled by beqom pay intelligence.

The Role

The GRC & Client Assurance Specialist is responsible for supporting the organization's Governance, Risk, and Compliance (GRC) framework and ensuring that clients receive timely, accurate, and compliant responses related to security, privacy, and regulatory requirements.

This role bridges the gap between internal compliance functions and client-facing teams by managing security assessments, due diligence questionnaires, and audit requests, while maintaining strong alignment with the company's ISO, SOC, and regulatory obligations.

The specialist ensures that organizational controls, policies, and certifications ISO/SOC are effectively communicated to clients, drives continuous improvement in risk and compliance processes, and helps build client trust through transparency and operational excellence.

What will you be doing?

Client Assurance and Vendor Due Diligence (High Priority)

• Security Liaison: Serve as the primary Subject Matter Expert (SME) for all client and prospect security inquiries (RFPs, RFIs), completing comprehensive Security Questionnaires (e.g., SIG, CAIQ) with technical accuracy.
• Audit Facilitation: Manage client-side security audits and requests for evidence, translating complex technical controls into auditable documentation for client risk teams.
• Contractual Compliance: Review client contracts to identify, map, and ensure adherence to specific security and compliance requirements (e.g., data residency, breach notification timelines, specific control mandates).
• Bridge Letter Management: Coordinate the creation and delivery of SOC 2 Bridging Letters (Gap Letters) signed by management to ensure continuous assurance for clients between audit periods.

Control Management and Internal Auditing

• Control Mapping: Maintain the continuous mapping of organisational controls against required frameworks: SOC 2 (Security, Availability, Confidentiality, etc.) and ISO 27001
• Evidence Collection: Streamline and automate the ongoing collection of control evidence (e.g., vulnerability scans, access review logs, change management records) required for external audits.
• Internal Reviews: Perform and document periodic Internal Audits and User Access Reviews (UARs) for high-risk and privileged accounts (ensuring adherence to the Principle of Least Privilege).
• Policy Maintenance: Assist the GRC Manager in reviewing, updating, and distributing security policies and standards to ensure they reflect the current compliance posture and regulatory landscape.

Technical Risk and Remediation

• Risk Analysis: Support the maintenance of the Information Security Management System (ISMS) risk register by performing ad-hoc risk assessments on new features, vendor integrations, and material changes to the production environment.
• Remediation Tracking: Collaborate directly with the Engineering and DevOps teams to translate audit findings and control deficiencies into actionable, prioritized remediation tasks.

What are we looking for?

• Experience: Minimum 3+ years of direct experience in an Information Security, IT Audit, or GRC role, preferably within a SaaS or B2B technology company.
• Framework Expertise (Mandatory): Demonstrated expertise working with and maintaining continuous compliance for SOC 2 Type II and ISO/IEC 27001.
• Technical Literacy: Ability to read and understand technical documentation, cloud architecture diagrams (AWS/Azure), and security concepts (encryption, network segmentation, IAM roles).
• Communication: Exceptional written and verbal communication skills, specifically the ability to translate technical risks into business impact for executive and client audiences.
• Process Acumen: Strong understanding of IT General Controls (ITGCs), change management, vulnerability management, and incident response processes.

Bonus points if you have:

• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)
• ISO 27001 Lead Implementer/Auditor certification
• Cloud Certification (e.g., AWS Certified Security – Specialty or Azure Security Engineer Associate)

Why join us?

• Your career, your design. Unleash your ambition in our dynamic, autonomous environment.
• Drive meaningful change. Build a fairer future for every employee by joining a market leader that is improving the world of work.
• Belong to something bigger. Collaborate with a passionate, diverse and talented team around the globe.