GRC and Security Lead (Europe Remote)

About Maisa
At Maisa, we're solving enterprise AI's biggest challenge: trust. We've created the first platform that enables enterprises to build reliable Digital Workers for automating knowledge work without production failures or traditional automation limitations. We're pioneering Agentic Process Automation for regulated industries. From banking to healthcare, our Digital Workers deliver verified, traceable results that meet the strictest compliance requirements. Join us in transforming how enterprises work by making AI accountable for mission-critical processes, turning Digital Workers into trusted team members, and empowering the people who know the work to finally automate it.

Role Overview
We're looking for a GRC / Security Lead to build and maintain trustworthy, compliant, and secure systems that our customers, partners, and auditors can rely on. This role sits at the critical intersection of technology, legal, and operations, ensuring we can not only build secure products but also prove our security posture to the world.

You'll be responsible for establishing our security foundation from the ground up, implementing compliance frameworks that scale with our growth, and serving as the trusted face of security for our customers and partners. This role reports directly to the COO and will work closely with the leadership team across all areas.

What You'll Do
Governance (G): Policy, Structure and Ownership
- Develop comprehensive security policies covering data classification, access management, vendor management, and incident response
- Create governance frameworks that align the entire organization around security best practices
- Define clear roles and responsibilities for information security processes across all teams
- Ensure organizational alignment through employee onboarding, security awareness training, and comprehensive documentation

Risk Management (R): Identification, Tracking and Mitigation
- Conduct comprehensive risk assessments across infrastructure, vendor relationships, and internal processes
- Own and maintain the enterprise risk register with detailed mitigation plans and timelines
- Execute regular third-party vendor assessments for data security posture (including cloud providers like AWS, AI services like OpenAI APIs, and SaaS tools)
- Implement risk monitoring processes with regular reporting to executive leadership

Compliance (C): Controls, Audits and Evidence
- Lead compliance certification initiatives (SOC 2, ISO 27001, GDPR) and industry-specific requirements
- Maintain auditable evidence through logging, access reviews, vulnerability scanning, and control testing
- Coordinate with external auditors and manage relationships with compliance automation tools (Vanta, Drata, TrustCloud)
- Monitor and update data privacy and security controls across all organizational functions
- Ensure continuous compliance through regular control assessments and gap analysis

Client-Facing Security Support
- Respond to security questionnaires and manage automated response systems to streamline the process
- Serve as primary security contact for RFPs, due diligence processes, and vendor security reviews
- Host security review calls with customers' legal, IT, and procurement departments
- Maintain and update Trust Center content and security documentation for customer transparency
- Support sales enablement through security collateral and competitive positioning

What You Bring
Required Experience
- 3-5 years in security-focused operations, technical program management, or DevOps/Infrastructure
- Deep familiarity with compliance frameworks (SOC 2, ISO 27001, ISO 42001, GDPR, HIPAA)
- Experience with cloud security architectures and modern technology stacks
- Proven track record managing multiple concurrent security initiatives

Core Skills
- Strong ability to interpret legal/regulatory requirements and translate them into technical controls
- Exceptional documentation and project management capabilities
- Excellent communication skills for technical teams, executives, and external stakeholders
- Analytical mindset for risk assessment and control effectiveness evaluation
- Proficient or native language level: English (mandatory)

Preferred Qualifications
- Industry certifications (CISSP, CISA, CISM, or equivalent)
- Previous startup or high-growth company experience
- Experience with AI/ML security considerations and data protection
- Background in customer-facing security roles or professional services

What Success Looks Like

First 90 Days:
- Assess current security posture and identify immediate priorities
- Establish foundational security policies and procedures
- Implement compliance automation tools and begin consolidation and process development

Year 1:
- Achieve SOC 2 Type II certification
- Build streamlined security questionnaire response process
- Establish mature risk management program with executive reporting
- Enable rapid customer security reviews and onboarding

Year 2:
- Achieve ISO 27001 and ISO 42001 certification and additional compliance certifications
- Scale security processes to support significant business growth
- Develop advanced customer security enablement capabilities
- Build security into a competitive advantage

Why You'll Love This Role
- Direct Impact: Build our security program from the ground up and see immediate results
- Customer-Facing: Work directly with customers and partners as the trusted face of security
- Strategic Influence: Report to the COO and influence company-wide security decisions
- Growth Opportunity: Scale with the company and build a security team as we grow
- Cutting-Edge: Work with modern compliance automation tools and emerging security technologies

What we offer
- Competitive salary and meaningful equity participation
- Professional development budget for certifications and training
- Clear growth path with opportunity to build and lead a security team
- Collaborative environment where your expertise directly shapes our ..... full job details .....