About XTEL:

At XTEL, we excel in understanding large FMCG players. As a leading software provider of sales automation solutions for the Consumer Goods Industry worldwide, our mission is to partner with our customers to unlock growth through smart investment and optimize their promotional plans.

Position Overview:

XTEL is looking for a GRC Analyst who is driven, curious, and eager to grow. You’ll work directly with the Director of Information Assurance to help build and scale a forward-thinking and efficient security & compliance program. This isn’t a check the box compliance role, we’re looking for someone who wants to reimagine how GRC is done and isn’t afraid to roll up their sleeves to make it happen.

This is an ideal opportunity for someone earlier in their GRC career who is looking to learn, contribute meaningfully, and be part of a high impact team.

Key Responsibilities:

• Support the ongoing operation and improvement of XTEL’s ISMS.

• Draft, review, and maintain security & compliance policies, standards, and procedures, ensuring they meet evolving compliance requirements and business needs.

• Manage internal and external audits (ISO 27001, SOC 2).

• Help monitor compliance obligations across frameworks including ISO 27001, SOC 2, SOC 1/ISAE 3402, GDPR, and NIS2.

• Assist with risk assessments and treatment plans.

• Contribute to our Third Party Risk Management (TPRM) efforts for evaluating vendors beyond just sending out lengthy questionnaires.

• Assist with client security questionnaires, RFPs, and due diligence requests.

• Support ESG initiatives by collecting, analyzing, and reporting on sustainability metrics, including greenhouse gas emissions and energy usage, to meet investor and stakeholder requirements.

• Assist in responding to customer RFPs and inquiries related to ESG, ensuring alignment with sustainability goals and regulatory frameworks.

• Collaborate with stakeholders across IT, Product, Engineering, HR, etc. to implement security controls.

• Continuously look for ways to automate, streamline, and modernize how we manage compliance and security operations.

• Contribute to incident response and BCP/DRP planning and testing.

Qualifications:

• You’re motivated, adaptable, and eager to learn.

• You have 2-5 years of experience in security, compliance, or risk management roles, particularly in cloud based SaaS environments.

• You have hands on experience with ISO 27001 and SOC 2, and preferably have experience directly managing these types of audits.

• You are comfortable working on multiple concurrent projects, and to an extent, wearing multiple hats. For example, managing an internal ESG assessment while in parallel also supporting XTEL during its external ISO 27001 audit, and still staying on top of your day-to-day GRC tasks (following up on controls, review policies, responding to customer security questions, etc.).

• You think of GRC as more than just documentation and spreadsheets – you see it as a system to be optimized and improved with technology.

• You’ve supported or managed ISMS operations and understand what makes policies and procedures useful.

• You participated in or supported risk assessments.

• You’re organized, self-directed, and thrive in environments where you can take ownership.

Nice to have:

• Experience using GRC platforms such as Drata, Vanta, Secureframe, etc.

• Experience within Microsoft 365 and Azure environments.

• Experience with automation, low-code tools, or scripting to improve workflows and documentation processes.

Geographical Location:

• EU

• Open to remote or hybrid work arrangements

What We Offer:

• Hybrid or full remote working set-up (Technology center in Casalecchio di Reno, Bologna, Italy);🏡

• Flexible working hours;⌚

• Competitive Salary Package and Bonus scheme;💸

• A challenging role in a fast-growing AI-driven company; 🪄

• A diverse and international team with strong ownership and a can-do mentality.🌏

• Opportunities to contribute meaningfully to the organization’s growth and development.🚀

Equal Opportunities Statement:

If you have strengths to share, we’d love to hear from you. We value diverse backgrounds and experiences, so don’t hesitate to apply even if you don’t meet all criteria.

XTEL is an equal opportunity employer and values diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment.