Senior Manager: Governance, Risk and Compliance

Posted April 14, 2026
Full Time €60,000 - €65,000 / year

Job Overview

Reward Gateway|Edenred is a leading digital platform and global market leader in benefits and employee engagement. We help our clients and their leaders to transform employee experience that will attract, engage and retain top talent through employee benefits, 

An opportunity has become available for a motivated and passionate Information Security professional to assume the role of Senior Manager: Governance, Risk and Compliance. You will define and lead the GRC strategy and operating model, ensuring that governance, risk management, compliance, security, and resilience are embedded into the way the company operates and grows.
 
This role owns the integrated control framework, multi-standard certifications, enterprise risk, business continuity, and key regulatory readiness programs (including NIS 2, EU AI Act for AI governance/compliance), while acting as a trusted advisor to the Leadership Team.
 
You will continue to build and lead our high-performing GRC function, manage the GRC team and budget, and deliver automation-driven, data-backed oversight that enables innovation and commercial agility.

Some of Your Responsibilities & Core Duties will be:

  • Lead, manage, and develop the GRC team, including hiring, coaching, performance management, and succession planning. Champion a culture where governance, risk and compliance are seen as business enablers, not blockers. 
  • Manage our control framework, covering ISO 27001, 22301, 9001, 14001, SOC2 Type 2, PCI DSS & CE+. 
  • Implement and manage ISO 42001 within the integrated management system, ensuring alignment with organisational objectives. 
  • Partner with our Cyber Security, IT, Product and Engineering Teams to ensure that information security governance and policies remain effective, aligned with risk appetite, and embedded into day-to-day operations. 
  • Own and mature the Vendor Risk Management (VRM) framework, including vendor criticality tiers, onboarding, due diligence, and ongoing monitoring. 
  • Manage and test Business Continuity Plans (BCPs) across critical business services, locations, and supporting technology.
  • Own the enterprise risk management framework, methodology, and tools.
  • Lead regular Information Security and AI Risk Board meetings, ensuring clear risk ownership, documented decisions, and timely follow-up on agreed actions.
  • Use KPIs to monitor GRC process performance, drive continuous improvement, and evidence the value and maturity of the GRC function. 
  • Support the creation, enhancement, and maintenance of technical and procedural documentation (policies, standards, guidelines, and work instructions).

The Experience and Key Skills you will have:

  • At least 5 years’ experience as a GRC Manager/Senior GRC Analyst or a Lead Auditor is required.
  • Certification in ISO 27001 and/or recognised IT governance and security certification such as CRISC, CISA, CISSP, etc.
  • Experience implementing or managing Governance, Risk and Compliance (GRC) systems.
  • Hands-on experience as an Internal Security Assessor for PCI DSS and leading or heavily supporting PCI DSS certification or assessments.
  • Experience with NIS 2, AI governance / AI compliance, and other emerging regulatory frameworks, or clear capability to rapidly build this expertise.
  • Demonstrated ability to assess and design internal controls for information security in enterprise or high-growth SaaS environments, including cloud-native architectures.
  • Understanding of fundamental information security concepts and technology, and previous exposure to cloud technologies and cloud security.
  • Superb English communication skills with the ability to interact effectively with multi-disciplinary teams.
