SaaS GRC Specialist


Full-Time 60000 - 75000 £ / year (est.) No working from home possible
Lex Dinamica

At a Glance

  • Tasks: Advise clients on governance, risk, and compliance while implementing cutting-edge GRC technology.
  • Company: Join Lex Dinamica, a forward-thinking consulting firm focused on privacy and AI compliance.
  • Benefits: Enjoy competitive salary, 26 days leave, hybrid working, and private health options.
  • Other info: Be part of a diverse team that values curiosity and collaboration.
  • Why this job: Shape the future of compliance technology and work with global clients on impactful projects.
  • Qualifications: Experience in GRC frameworks and a passion for privacy and AI governance.

The predicted salary is between 60000 - 75000 £ per year.

We are growing. Privacy and AI compliance has moved from a back office concern to a board level priority, and our clients are asking more of us because of it. Every week brings a new regulation, a new enforcement decision, or a new product launch that needs a privacy lens before it ships. This demand is an opportunity for us. We are building Lex Dinamica for what comes next in this work, and we are looking for the people who want to build it with us. This role is how we build out our GRC capability and bring our clients a broader view of risk, controls and compliance technology.

Lex Dinamica is a consulting firm that provides Privacy, AI and Risk solutions. Our advisory, technology and DPO services help clients address regulatory challenges worldwide and deliver compliance-driven value. Our clients range from FTSE 100 companies and global multinationals to government contractors and high growth scale ups, and they come to us for advisory work, DPO support delivered as a service, AI governance, and privacy technology programmes including OneTrust, where we are a certified implementation partner. The SaaS GRC Specialist role is how we extend that work into governance, risk and compliance more broadly. You will help clients design, run and improve the frameworks that hold their compliance programmes together, supported by the technology platforms that bring those programmes to life.

In this role, you will:

  • Advise clients across governance, risk and compliance, including framework design, controls, and assurance
  • Support implementation of GRC technology platforms, with OneTrust at the centre
  • Bring a broad GRC lens to engagements that touch privacy, security, AI and operational risk
  • Work directly with clients across our global portfolio, including German speaking accounts if your languages allow

In practice, that means working alongside our consultants and senior leadership to deliver GRC programmes from scoping through go live and into operations.

You will advise clients on the frameworks that hold their compliance programmes together: risk taxonomies, control libraries, policy structures, assurance approaches, and the operating models that bring them to life. You will help clients move from fragmented, function specific compliance toward something integrated.

You will become an expert on OneTrust. We will train you up through our internal programme and certification pathway, and you will quickly become the person clients lean on for platform decisions, configuration trade offs, and the practicalities of running GRC technology at scale.

You will bring an integrated view across risk domains: privacy, information security, AI governance, operational resilience, third party risk, and the regulatory landscape that connects them. Our clients increasingly want one partner who can see across all of it. You will help us be that partner.

You will work directly with clients across our global portfolio. If you speak German or another European language, you will also be the natural point of contact for clients who prefer to work in that language, which is something we are increasingly asked for.

You will contribute to how we work. Our GRC service line is growing, and the people who join now will help shape the methodologies, templates, and ways of working that we take to every future client.

Must haves

  • A solid grounding in governance, risk and compliance, with practical experience designing or operating GRC frameworks, controls, or assurance programmes in a client or in house setting.
  • Willingness to learn OneTrust and broader GRC platforms quickly, supported by our internal training and certification.
  • A genuine interest in privacy, AI governance, and the wider compliance technology space.
  • Strong analytical and problem solving instincts.
  • Strong written and verbal communication in English.
  • A right to work in the UK.

Nice to haves

  • Fluency in German.
  • Fluency in any other language.
  • Hands on experience with one or more GRC technology platforms (OneTrust, ServiceNow GRC, Archer, MetricStream, or similar).
  • Familiarity with widely used GRC frameworks and standards (ISO 27001, ISO 27701, SOC 2, NIST CSF, COSO, or similar).
  • Working knowledge of GDPR, the EU AI Act, and the wider regulatory landscape across the UK and EU.
  • Exposure to specific regimes such as DORA, NIS2, or sectoral compliance requirements.
  • Consulting experience, whether at a professional services firm, a Big Four, or a privacy or risk specialist firm.
  • A recognised credential such as CIPP/E, CIPM, CRISC, CISA, ISO 27001 Lead Auditor or Implementer, or equivalent.
  • A relevant degree in a field such as Business, Law, Economics, Computer Science, Information Security, or similar.

Lex Dinamica was built from day one to solve the problems that organisations face when data, regulation, technology and trust all have to hold together at once. That focus is what we are, and it is what we lead with from the first client conversation to the final deliverable. Headquartered in London and supported by delivery centres across the EU, US and India, we partner with clients from FTSE 100 companies and global multinationals to government contractors and high growth scale ups. Our work spans more than fifty jurisdictions and over one hundred and fifty delivered projects. Our founders came out of Big Four consulting. The firm they built deliberately keeps what works about that model, the rigour, the breadth, the client discipline, and strips out what does not, the layers, the politics, the pace. We are a firm of curious people, fast learners, and genuine team players. We are selective about who we hire, because the people already here are worth working alongside.

You will be based in our London office with hybrid working, spending two days a week in the office and the rest of your week wherever you work best. The specific rhythm will flex around client commitments, team moments, and how you do your best work. At Lex Dinamica, we understand that a career is one part of a wider life, and we build our working patterns around that reality. Our hybrid model is designed to give you the face to face time that builds relationships, accelerates learning, and makes a small firm feel like one, alongside the focus time that consulting work genuinely needs.

What we offer

  • Competitive salary
  • 26 days of annual leave, with the option to accrue additional days over time
  • Hybrid working as standard, with 2 days in the office
  • Private pension contributions
  • Optional private health insurance
  • A work from anywhere policy that lets you work abroad for defined periods each year

If this sounds like the role you are looking for, send us your CV. For more information, or for part time opportunities, get in touch with our team via LinkedIn.

Our screening process assesses candidates' qualities, capabilities, experience, fit, vision, and ambition to ensure they align with our needs. We conduct comprehensive evaluations and in-depth interviews to identify top talent. The data you provide us with will be processed exclusively for recruitment purposes and assessing your application against our requirements. You may withdraw your application at any time by getting in touch with a member of our team, via LinkedIn or the contact details found on our website. You may ask us to keep your information on file for any future opportunities.

Lex Dinamica is proud to be an equal opportunity employer, which means we are committed to creating and celebrating diverse thoughts, cultures, and backgrounds throughout our organisation. Employment at Lex Dinamica is based on substantive ability, objective qualifications, and work ethic, not an individual's background, religion, sex or gender, gender identity or expression, sexual orientation, national origin or ancestry, alienage or citizenship status, physical or mental disability, pregnancy, age, genetic information, veteran status, marital status, status as a victim of domestic violence or sex offenses, reproductive health decision, or any other characteristics protected by applicable law.

SaaS GRC Specialist employer: Lex Dinamica

At Lex Dinamica, we pride ourselves on being an exceptional employer that fosters a collaborative and innovative work culture. Our London office offers a hybrid working model, allowing you to balance professional growth with personal life while working alongside a team of curious and dedicated individuals. With competitive salaries, generous leave policies, and comprehensive training opportunities, we empower our employees to excel in governance, risk, and compliance, making a meaningful impact for our diverse global clientele.


StudySmarter Expert Advice🤫

We think this is how you could land SaaS GRC Specialist

Tip Number 1

Network like a pro! Reach out to people in the industry, attend events, and connect with potential colleagues on LinkedIn. The more people you know, the better your chances of landing that SaaS GRC Specialist role.

Tip Number 2

Show off your skills in interviews! Prepare to discuss your experience with GRC frameworks and how you've tackled compliance challenges. Use real-life examples to demonstrate your problem-solving abilities and analytical skills.

Tip Number 3

Be proactive! If you see a company you're interested in, don’t wait for them to post a job. Reach out directly and express your interest in working with them. You never know when an opportunity might pop up!

Tip Number 4

Keep learning! Stay updated on the latest trends in privacy, AI governance, and compliance technology. Consider taking online courses or certifications to boost your knowledge and make yourself stand out as a candidate.

We think you need these skills to ace SaaS GRC Specialist

Governance, Risk and Compliance (GRC)
Framework Design
Controls Implementation
Assurance Programmes
OneTrust
Privacy Technology
AI Governance

Some tips for your application 🫡

Tailor Your CV: Make sure your CV speaks directly to the SaaS GRC Specialist role. Highlight your experience in governance, risk, and compliance, and don’t forget to mention any relevant tech platforms you've worked with, especially OneTrust!

Show Your Passion: Let us see your genuine interest in privacy, AI governance, and compliance technology. Share examples of how you've engaged with these areas in your previous roles or projects.

Be Clear and Concise: When writing your application, keep it straightforward. We love strong communication skills, so make sure you can explain complex concepts without getting too technical or losing clarity.

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role as quickly as possible!

How to prepare for a job interview at Lex Dinamica

Know Your GRC Frameworks

Make sure you brush up on your knowledge of governance, risk, and compliance frameworks. Be ready to discuss how you've designed or operated these frameworks in the past. This will show that you understand the core of what the role entails and can hit the ground running.

Get Familiar with OneTrust

Since OneTrust is central to the role, take some time to learn about its features and functionalities. If possible, try to get hands-on experience or at least read up on case studies. This will demonstrate your willingness to learn and adapt quickly, which is something they value.

Prepare for Client Scenarios

Think about potential client scenarios you might face in this role. Prepare examples of how you would advise clients on compliance issues or implement GRC technology. This will help you articulate your problem-solving skills and show that you can think on your feet.

Show Your Passion for Privacy and AI Governance

Express your genuine interest in privacy, AI governance, and compliance technology during the interview. Share any relevant experiences or projects that highlight your enthusiasm for these areas. This will help you connect with the interviewers and show that you're a good cultural fit for the team.