At Freepik, we empower millions of professionals and organizations worldwide with AI-driven creative tools. As we continue to scale globally, maintaining the highest standards of Security, Governance, Risk, and Compliance (GRC) is essential to protecting our users, our data, and our platform.
We’re looking for a GRC Analyst – Tech Security to help strengthen and oversee our security and business continuity frameworks. You’ll support certifications, conduct risk assessments, and ensure ongoing compliance with standards like ISO 27001, SOC 2, ISO 22301, and TISAX — playing a key role in safeguarding Freepik’s security posture as we grow.
If you’re passionate about cybersecurity, governance, and building scalable processes in a fast-paced tech environment, this role is for you.
Your mission will be to ensure regulatory and operational compliance across Freepik’s Information Security and Business Continuity programs by managing, monitoring, and continuously improving our GRC framework.
You’ll collaborate closely with Security, Legal, Engineering, and Enterprise teams to maintain certifications, support audits, evaluate risks, and enhance our controls.
What you'll do day to day
Maintain and improve the Information Security Management System (ISMS) aligned with ISO 27001, SOC 2, and TISAX.
Support the Business Continuity Management System (BCMS) following ISO 22301.
Coordinate internal and external audits, collecting evidence and managing non-conformities.
Ensure ongoing compliance with security and continuity controls.
Update and maintain policies, procedures, and related documentation.
Participate in risk assessments for security and continuity.
Follow up on risk treatment plans and corrective actions.
Ensure proper classification, protection, and handling of information across the company.
Collaborate closely with the Legal Department on governance and compliance matters.
Support third-party risk assessments (due diligence) and monitor sub-processors.
Verify that relevant suppliers meet required security and continuity controls.
Track and analyze KPIs and compliance metrics.
Prepare regular reports for the Head of Security on the status of the GRC program.
Follow up on security incidents and conduct process audits.
Participate in meetings with enterprise clients, addressing questions on Freepik’s security posture, certifications, controls, and GRC processes.
Collaborate with Sales and Support teams to provide technical responses, security documentation, and compliance questionnaires.
1–2 years of experience in compliance, information security, auditing, GRC, or managing standards such as ISO 27001, SOC 2, etc.
Strong understanding of security frameworks, risk management, and governance.
Spanish and English (C1 minimum) — ability to communicate professionally with global teams and enterprise clients.
Education in GRC, internal auditing, risk management, cybersecurity, or related fields.
Certifications such as ISO 27001 Lead Implementer/Auditor, ISO 22301 Lead Implementer/Auditor, CISM, CRISC, CISSP, or similar.
Experience managing or maintaining ISMS/BCMS systems or participating in audits.
Remote-friendly work environment
Private health insurance 🩺
23 vacation days + December 24th and 31st off
Birthday day off 🎂
Flexible hours and work–life balance
Continuous learning opportunities
Growth paths within a global tech environment
Proudly a Great Place to Work — 93% of employees say Freepik is an amazing workplace 💥
If you’re passionate about security, governance, and driving operational excellence, we want to hear from you.
Apply now and help shape the future of security at Freepik.