The role
We're looking for a new teammate who will support the implementation & ongoing maintenance of information security compliance & certification programs, working with cross-functional internal teams & external auditing agencies. The person will also support data protection, data privacy, & third-party vendor risk management functions.
The position will be part of the Governance, Risk & Compliance (GRC) team at HelloFresh that is responsible for creating, maintaining & improving HelloFresh's security risk management program & remediation activities; information security & data privacy related processes, policies, & guidelines; supporting compliance & certification related activities; & driving security awareness & education.
Above all, we are looking for people who will make HelloFresh better. We believe there are many different ways of developing skills & we love diverse experiences! So even if you don't tick all the boxes but think you'd thrive in this role, we would really like to learn more about you.
What you'll do
- Lead internal assessments & coordinate external compliance audits at planned intervals
- Evaluate & validate the design & operational effectiveness of security policies, standards, & internal controls to help reduce compliance risk in the company
- Monitor open items from internal assessments & external compliance audits to ensure completion of remediation activities
- Support continuous monitoring processes to assess compliance with information security policies & standards as well as legal & regulatory compliance requirements
- Assist as required with third-party vendor security reviews & assessments regarding their security & data privacy status
- Collaborate with various teams to identify, document, assess & remediate security risks
- Participate in the development & implementation of security policies, standards, security awareness & end-user education efforts
- Develop comprehensive & accurate reports & presentations on the compliance landscape for both technical & executive audiences
- Use formal project management skills in planning, tracking, & reporting to drive remediation activities
What you'll bring
- 3+ years' experience in performing compliance activities in a corporate environment related to IT General Controls (ITGC), SOC 2, ISO 27001, PCI DSS, EU NIS2, & various data privacy directives (GDPR, CCPA/CPRA, etc.)
- Ability to interpret compliance regulations and map them to the actual implementation of systems, whilst referencing various security frameworks
- Experience supporting data privacy regulations (GDPR, CCPA) and third-party risk management programs
- Experience with developing & executing security awareness programs & trainings
- Highly organized and detail-oriented, with an ability to work independently
- Industry compliance certifications (CISA, CISM, CISSP) are a plus
- Prior experience working in a SaaS environment, mainly Cloud & AWS-based
What we offer
Elevate your lifestyle! Join one of Europe's fastest-growing tech powerhouses in a dynamic phase of expansion.
- Immerse yourself in a diverse global community of 90+ nationalities.
- Enjoy a competitive compensation package that goes beyond the norm, with perks like a HelloFresh-subsidized Pension Scheme, Berlin relocation support, & a Hybrid working model.
- Elevate your lifestyle with exclusive discounts on your weekly HelloFresh box & office meals.
- Invest in your growth with a German language learning budget, & access to the HelloFresh Academy.
- Plus, we've got your well-being covered with mental health support, transportation perks, & working-parent-friendly benefits. From our 24/7 gym access, wellbeing platforms like Headspace & Spill, to sabbatical leave options, HelloFresh is not just a workplace; it's a lifestyle of perks & possibilities!