GRC Analyst (Cybersecurity & Compliance)

Timestamp Group aggregates several leading Portuguese IT solutions and services companies around the concepts of excellence and knowledge sharing. We are committed to technological leadership, based on the quality of our service and technological solutions, supported by continuous training and certification.

1. Position Overview

• We are looking for a GRC Analyst with 3–4 years of experience in cybersecurity governance, risk and compliance.

• The role involves supporting ISO 27001 certification projects, regulatory compliance initiatives (NIS2, DORA), and continuous improvement of information security frameworks.

2. Key Responsibilities

• Support implementation and maintenance of ISMS aligned with ISO/IEC 27001;

• Perform gap analysis, risk assessments and compliance evaluations;

• Assist in internal and external audits and certification processes;

• Assess regulatory requirements (NIS2, DORA, GDPR) against control frameworks;

• Develop and maintain policies, procedures and documentation;

• Coordinate with stakeholders across IT, Legal and Business teams.

3. Required Experience

• 3–4 years of experience in GRC or cybersecurity compliance roles;

• Hands-on experience in ISO 27001 implementation or certification support projects;

• Exposure to NIS2 and/or DORA regulatory requirements, supporting customers' implementation;

• Experience in regulated industries is a plus (Finance, Telecom, Energy, Healthcare).

4. Technical Skills

• Risk management methodologies (ISO 27005 or equivalent);

• Knowledge of ISO 27001 / ISO 27002 standards or even certification in that area (ISO 27.001 Auditor);

• Familiarity with frameworks such as NIST CSF, COBIT (optional);

• Experience with GRC tools is a plus;

• Strong analytical and reporting skills.

5. Soft Skills

• Strong communication skills and ability to work with non-technical teams;

• Attention to detail and organizational skills;

• Ability to manage multiple priorities;

• Critical thinking and problem-solving mindset.

6. Education and Certifications

• Bachelor’s degree in Information Security, IT, or related field.

• ISO 27001 Lead Implementer or Lead Auditor (preferred).

• Certifications such as CISM, CRISC, CISSP are a plus.

7. Languages

• Portuguese – Fluent

• English – Professional proficiency (mandatory)

Employee Benefits:

• Health insurance
• Flexibility in organizational routine
• Training and certifications
• Employee Support Program (in 5 areas, including psychology)
• Birthday and seniority gifts
• Monthly Happy Hour
• Benefits portal with attractive offers