Senior GRC Analyst (m,f,x)

HelloFresh
Berlin, Germany
about 3 hours ago
full-time

Skills & Technologies

PCI DSS, Risk Management, Compliance, Regulatory, Implementation, Make, Mentoring, Data Protection, AI, Documentation, Internal Controls, Data Privacy, Information Security

Job Description

The role

We’re looking for a new teammate who will support the implementation and ongoing maintenance of information security compliance and certification programs, working with cross-functional internal teams and external auditing agencies. The person will also support data protection, data privacy, and third-party vendor risk management functions.

The position will be part of the Governance, Risk & Compliance (GRC) team at HelloFresh that is responsible for creating, maintaining and improving HelloFresh’s security risk management program and remediation activities; information security and data privacy related processes, policies, and guidelines; supporting compliance and certification related activities; and driving security awareness and education.

Above all, we are looking for people who will make HelloFresh better. We believe there are many different ways of developing skills and we love diverse experiences! So even if you don’t “tick all the boxes” but think you’d thrive in this role, we would really like to learn more about you.

What you’ll do

Lead end-to-end compliance readiness for NIS2 and support alignment across other key frameworks (e.g., PCI DSS, CSRD, ISO/SOC and EU AI Act).

Plan and execute internal control assessments and coordinate external compliance audits on a defined cadence.

Translate regulatory requirements into practical controls; drive cross-functional implementation across international teams.

Own remediation management: track findings, evidence, owners, deadlines, and report status to stakeholders.

Improve GRC maturity through continuous monitoring, clear documentation, and mentoring junior team members.

Lead internal assessments and coordinate external compliance audits at planned intervals.

Evaluate and validate the design and operational effectiveness of security policies, standards, and internal controls to help reduce compliance risk in the company.

Develop comprehensive and accurate reports and presentations on the compli

Company & Role Analysis

Likely perks
Private Medical, Pension, 25+ Days Holiday, Stock Options, Learning Budget, Flexible Hours

Market salary range

£45,000 – £60,000 (Glassdoor, Levels.fyi, 2025)
