About us

What is it like to work in UC colors? One thing is for sure, all 350+ of our colleagues would say the same: unique and unrepeatable. Professional and language training, soft skill training, team-building abroad and at home, IT Fest, Balaton Circle on two wheels or two feet, kUCkó aka UC wellness centre, themed craft afternoons, charity painting. Be a part of this experience of a lifetime!

The client / the project

A long-term cybersecurity initiative within the UC Cybersecurity’s client portfolio, focusing on establishing and maintaining strong information security governance, risk management processes, and regulatory compliance. The GRC Expert will work across internal cybersecurity programs and client-facing initiatives, contributing to the development, implementation, and maintenance of security governance, risk, and compliance activities. Responsibilities may shift depending on ongoing internal cybersecurity needs or external client engagements.

This role bridges security governance frameworks with real-world execution. The GRC Expert will be responsible for interpreting and implementing security standards, supporting audit-readiness, and advising on risk mitigation - both internally and in client engagements. This is not a rotating consulting gig; it is a stable, long-term role where the GRC expert is expected to build institutional knowledge and contribute strategically over time.

Responsibilities

• Manage internal and client-facing security compliance initiatives
• Lead or support audits, risk assessments, and gap analyses
• Align policies, procedures, and technical controls with frameworks like ISO 27001, NIST, CIS
• Track security KPIs and generate compliance reporting dashboards
• Provide guidance to other teams on security governance and documentation
• Stay current on regulatory updates and emerging cybersecurity risks
• Acting as a subject-matter expert on relevant compliance and regulatory frameworks (e.g. ISO standards, PCI, GDPR, NIS2, DORA etc), and staying on best practices.
• Supporting the delivery of CISOaaS tasks.
• Working with GRC Lead, CISO to build cohesive security and compliance programs.
• Maintain and develop policies and procedures and provide security guidance in the case of previously written policies.
• Driving infosec standards and the future strategy of our clients – and of course of us.
• Maintain and develop policies and procedures and provide security guidance in the case of previously written policies.
• Driving infosec standards and the future strategy of our clients – and of course of us.
• Developing and implementing controls to address cybersecurity and compliance needs.
• Conducting compliance audits to ensure adherence to cybersecurity standards and regulations and preparing documentations for the audits.
• Identifying compliance gaps and initiating corrective actions.
• Coordinate the treatment of non-conformity with, and exceptions to, the Information Security Policy, norms and laws.

Technologies / Skills

• 3–5 years’ experience in GRC, information security governance, or audit/compliance roles
• Background in Information Security, Risk Management, or related fields
• Knowledge of GDPR and other relevant compliance obligations
• Familiarity with security audits and control design
• Basic knowledge about compliance standards and directives, eg. ISO 27001, NIST, NIS2, PCI-DSS, DORA
• Strong interpersonal and documentation skills
• Proven analytical problem-solving skills with a demonstrated ability to research problems and proactively suggest ways to better a process
• Highly motivated with demonstrated experience managing multiple projects in a fast-paced, deadline-oriented work environment
• Calm under pressure - Maintains a steady and focused approach in stressful, high-pressure situations
• Detail-oriented - Strong attention to details, precision in managing security measures
• Analytical mindset - Strong attention to detail with the ability to interpret and assess complex information
• Effective communicator - Able to explain complex security matters/issues clearly and effectively
• Eager to learn - Deep interest in cybersecurity, with a commitment to staying informed about the latest trends and compliance standards
• Strong team player attitude - With collaboration and effective communication skills
• Hungarian: Fluent (spoken & written) + English: Professional proficiency (spoken & written — required for documentation)

Advantages

• Certifications are an advantage (e.g., ISO 27001 Lead Implementer, CISA, CRISC, CISSP)
• Hands-on experience with at least one GRC tool is an advantage (e.g., Archer, ServiceNow GRC)

Why join us

• Work in a small team with enthusiastic, motivated, experienced colleagues and cutting edge technologies.
• Participate in relevant training and certification to acquire and maintain the knowledge to be effective.
• Our mission and core values match your own and motivate you.
• Great company environment that is serious about having fun in almost everything we do, including frequent team events and more.
• Informal, entrepreneurial and flexible atmosphere where thinking out-of-the-box is highly encouraged.