Information Security Risk & Compliance Specialist

About CyberArk: CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.

About the Role: We are seeking a highly motivated and detail-oriented GRC Compliance Expert to join our Governance, Risk, and Compliance team. This role is pivotal in supporting customer security assessments during RFx processes, driving compliance initiatives including DORA, NIS2, and other regulatory frameworks, and assisting with broader GRC activities across the organization. The ideal candidate is a self-starter with strong communication skills, who thrives in a fast-paced environment and is passionate about cybersecurity, regulatory compliance, and risk management. Please note that this is a hybrid role located in our office in London. We ask to come to the office twice per week.

• Support the sales and legal teams during RFx processes by responding to customer security questionnaires, assessments, and due diligence requests.
• Coordinate and manage responses to customer security audits and assurance inquiries.
• Monitor regulatory changes and contribute to compliance initiatives such as DORA, NIS2, and other applicable standards and frameworks (e.g., ISO 27001, SOC 2, GDPR).
• Assist in the development, maintenance, and improvement of internal GRC processes, policies, and documentation.
• Collaborate with cross-functional teams (Security, Legal, IT, Product, etc.) to gather information and ensure compliance obligations are met.
• Participate in risk assessments, control testing, and continuous monitoring activities to support the overall risk and compliance program.
• Support customer contract negotiations by providing expert input on security and compliance clauses.
• Help prepare evidence and documentation for internal and external audits.
• Track and report on compliance project status and risks to leadership.

Qualifications:

• 3+ years of experience in Governance, Risk, and Compliance, Information Security, or a related field.
• Experience supporting sales processes, including responding to RFx security assessments.
• Solid understanding of cybersecurity principles, information security best practices, and regulatory requirements (DORA, NIS2, GDPR, ISO 27001, SOC 2, etc.).
• Excellent written and verbal communication skills; able to translate technical concepts for non-technical audiences.
• Strong organizational skills with the ability to manage multiple priorities in a dynamic environment.
• Self-motivated with a proactive approach to problem-solving and attention to detail.
• Experience working in a SaaS, cloud, or technology-driven company is preferred.
• Professional certifications (such as CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or similar) are a plus.

Additional Information: We are proud to foster a diverse and inclusive workplace, where every individual's unique background, perspective, and contribution is celebrated. We believe that by embracing diversity, we drive innovation and create a stronger, more united team. Inclusion is at the heart of who we are and how we succeed. All qualified applicants will receive consideration for employment without regard to race, colour, age, religion, sex, sexual orientation, gender identity, or disability. Upon conditional offer of employment, candidates are required to complete a comprehensive background check as per our internal policy. CyberArk is an equal opportunities employer. If you would like any special arrangements made for your interview, please inform the EMEA Talent Acquisition team upon your application so that we may take steps to accommodate your needs.