Governance, Risk, and Compliance (GRC) Analyst

Country: Portugal

Job Description

We are looking for a motivated and detail-oriented Governance, Risk, and Compliance (GRC) Analyst to join our Cybersecurity team in Lisbon, Portugal. The ideal candidate will support governance, risk, and compliance activities, ensuring alignment with internal policies, regulatory requirements, and global cybersecurity standards.

This role requires a strong analytical mindset combined with a good understanding of cybersecurity controls and risk management. You will work closely with Cyber, IT, and Business teams to monitor control effectiveness, support audits, and contribute to a robust and compliant security posture.

Key Responsibilities

• Cyber Risk & Compliance Monitoring:
  • Support the identification, assessment, and reporting of cybersecurity risks, ensuring alignment with internal frameworks and regulatory requirements.

• Control Monitoring & Improvement:
  • Monitor key cybersecurity indicators (e.g. hardening, patching, endpoint protection, logging) and follow up on remediation of identified gaps.

• Audit & Regulatory Support:
  • Assist in internal and external audits, including evidence collection, stakeholder coordination, and tracking of remediation actions.

• Policy & Standards Implementation:
  • Support the implementation and monitoring of cybersecurity policies, standards, and controls in line with Group guidelines and applicable regulations.

• Third-Party Risk Support:
  • Contribute to the assessment of cybersecurity risks associated with third parties, ensuring alignment with defined security requirements.

Profile

• 2–3 years of experience in Cybersecurity, Risk, or IT Governance
• Degree in Computer Engineering or similar
• Good knowledge of cybersecurity frameworks (e.g. ISO 27001, NIST, CIS)
• Strong analytical and problem-solving skills
• Good communication and stakeholder management

Languages

• Portuguese (mandatory)
• English (mandatory)
• Spanish (nice to have)