IT Security Specialist GRC (m/w/d)

Job Description

At Voltalia we are passionate about renewable energies! We are an electricity producer from wind, solar, hydro, biomass and storage and also a service provider to 3rd party clients such as Development, EPC, O&M and Distribution. Today we are in 20 countries, split among 4 continents, and offering a global operating capacity to our clients. We are listed on the regulated Euronext market in Paris since July 2014.

Our IT Security and Infrastructure Team is looking for an IT Security Specialist GRC.

The IT Security Specialist GRC (Governance, Risk, and Compliance) is responsible for overseeing governance, risk, and compliance aspects of information and cyber security. It plays a key role in promoting security best practices across VOLTALIA and requires support from Executive Committee Members, business managers, and IT leaders. Led by the Information Security Officer (ISO), this function has the following responsibilities:

Information and Cyber Security Strategy & Policy

• Assist the ISO in implementing the information and cyber security strategy and program.

Information and Cyber Security Risk Management

• Support the development and implementation of a risk management methodology aligned with VOLTALIA’s objectives, overall risk strategy, and regulatory requirements.
• Ensure alignment between information and cyber security risk management and VOLTALIA’s enterprise risk management framework.
• Provide guidance and support on information and cyber security risk management activities.
• Assess the effectiveness of security controls in IT and OT environments.
• Monitor information and cyber security risks by evaluating control implementation, asset vulnerabilities, threat landscapes, and security incidents.
• Report risk trends to Risk Owners and other relevant committees.

Security Standards & Architecture

• Develop and maintain security documentation, including standards, processes, procedures, guidelines, contractual clauses, and control catalogs.
• Design and maintain a unified IT and OT security architecture aligned with the overall security strategy.
• Establish a security architecture repository, including principles, terminology, security services, control frameworks, and reference models.

Security by Design

• Support first-line teams in identifying and addressing cyber security risks and requirements in new products, projects, processes, and services.

Security Awareness & Training

• Develop and implement security education, training, and awareness programs to foster security-conscious behaviors across IT and OT environments.

Audit & Compliance Support

• Provide evidence of risk oversight and control implementation for internal and external audits.
• Communicate the status and progress of the security program to key stakeholders.

Monitoring & Continuous Improvement

• Monitor compliance with security architecture and standards.
• Collect and analyze key performance and effectiveness metrics to support decision-making and inform the ISO.

Requirements

The ideal candidate will have/ be:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related.
• 3+ years of experience in Information Security GRC.
• Strong knowledge of security frameworks (e.g., ISO 27001, ISO27005, NIST, IEC 62443).
• Familiarity with regulatory requirements such as GDPR, NIS2, etc.
• Experience with risk management tools, compliance platforms, and security monitoring solutions.
• Experience conducting security audits and risk assessments.
• Understanding of IT security principles, cloud security, and network security.
• Certifications such as CRISC, CISA, ISO 27001 Lead Auditor/Implementer, ISO 27005 Risk Manager (preferred).
• Fluent English.
• Possible travel, mainly in Europe.

Key Skills

• Challenges-driven, rigorous, strong commitment, and investment.
• Excellent analytical and problem-solving skills with the ability to assess and prioritize security risks.
• Willing to develop new skills and competencies.
• Comfortable working with high autonomy and as a team player;
• High level of integrity and ability to handle sensitive and confidential information.
• Very well organized. Able to manage and prioritize time and multiple tasks efficiently, especially when operating under pressure or deadlines.
• Strong communication and collaboration skills to work effectively with cross-functional teams and external stakeholders. Know how to adapt your communication.
• Passionate about cybersecurity and staying up-to-date on the latest threats and trends.