SCOR

GRC Officer

SCOR  •  Kingdom of the Netherlands (Onsite)  •  4 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

This role ensures continuous compliance with applicable security and privacy frameworks (ISO 27001/2022, ISO 27018, SOC 2) and evolving regulatory obligations (EU AI Act, NIS2, DORA) while acting as the primary liaison with auditors, Legal, Business Development, Cloud, and data protection stakeholders. The role owns control frameworks, policy governance, risk management, and compliance initiatives.

1. Security, Privacy & Compliance Frameworks

  • Own and maintain governance, documentation, and control frameworks across ISO 27001/2022, ISO 27018, SOC 2, and other applicable standards, ensuring continuous audit readiness.
  • Manage core control artefacts including the Statement of Applicability (SOA), risk assessments, mitigation plans, control ownership mapping, audit plans and control effectiveness reviews.
  • Automate and streamline evidence collection process across control areas and maintain evidence repositories and tooling (e.g., Vanta/OneTrust) to support internal and external audits.
  • Plan, coordinate, and document internal audits and support external certification/attestation audits, including remediation tracking and reporting.
  • Act as the primary point of contact for external auditors and manage audit communications and reporting.

2. Risk Management, TPRM & Awareness

  • Conduct and maintain organizational risk assessments, risk reporting, track open risks, and oversee mitigation actions.
  • Establish, organize, and govern control frameworks incorporating requirements from multiple frameworks, ensuring stakeholder alignment and accountability across geographically distributed business entities.
  • Participate in thirdparty risk management activities, including vendor assessments and annual reviews.
  • Work closely with cross functional teams to identify risk areas and streamline client-facing processes to improve efficiency.
  • Automate and streamline handling of client due diligence questionnaires.
  • Own and maintain the SDS policy and procedure framework, ensuring annual reviews and updates. Communicate policies and changes organizationwide and support AI, security and privacy awareness initiatives.

3. Regulatory Compliance

  • Working with group compliance team to monitor both relevant Security/ Privacy/ Data Protection/ AI compliance related laws and regulations impacting the SDS (EU AI Act, NIS2, DORA).
  • Perform and maintain regulatory gap assessments for security, privacy & AI areas as needed and oversee implementation and validation of required controls for SDS products.
  • Coordinate with SCOR Group compliance initiatives to assess applicability and ensure timely adoption of regulatory requirements.

4. Data Protection & Privacy

  • Coordination with the local and group teams on data protection issues and to ensure sensitive data processing applications are compliant with local data protection laws and group data protection standard.
  • Supporting the completion and maintenance of the ‘record of processing activities’ / ‘inventory’ as per defined standards and local requirements to ensure compliance with record-keeping, transparency and accountability requirements under data protection laws.
  • Promote a culture of ‘data protection by design’, advising on whether Data Protection Impact Assessments are required for new projects or initiatives.
  • Support security and privacy training, awareness, and compliance selfassessments across the organization.
  • Coordinate handling of security and privacy incidents to ensure regulatory/ client reporting and root cause analysis by working closely with group data protection team.
  • Communication & influence: clear, concise communication with auditors, executives and stakeholders; ability to challenge constructively and drive accountability.
  • You are a thoughtful and responsible GRC professional - Someone who is proactive, eager to learn continuously, and comfortable seeking input and feedback.
  • GRC ownership: ability to design, implement, and continuously improve security, privacy, and compliance programs across multiple entities and geographies.
  • Framework expertise: strong working knowledge of ISO 27001/2022, ISO 27018, SOC 2, and how to map/normalize controls across standards.
  • Audit & assurance: end-to-end audit management (internal and external), evidence automation, remediation planning, and clear audit reporting.
  • Risk management: practical risk assessment, prioritization, and tracking; ability to translate risks into actionable mitigation plans and control improvements.
  • Regulatory awareness: ability to monitor, assess, and operationalize regulatory requirements (e.g., EU AI Act, NIS2, DORA) into policies, controls, and assurance activities.
  • Privacy & data protection: working knowledge of GDPR concepts including DPIAs, ROPA, incident handling, and coordination with the DPO.
  • Policy governance & awareness: strong capability to write, maintain, and socialize policies/standards; drive annual reviews and training/awareness initiatives.
  • Stakeholder & vendor management: effective collaboration with Legal, Business Development, Cloud/Engineering, and third parties; confident handling of client questionnaires and due diligence.
  • Tooling & documentation discipline: experience maintaining control/evidence repositories and workflows in tools such as Vanta and OneTrust (or equivalent), plus strong documentation practices.

Required Qualifications & Experience

  • 5+ years of experience in information security, compliance, or GRC roles (ideally in a regulated environment and/or technology/SaaS).
  • Strong handson experience with ISO 27001/2022, ISO 27018, and SOC 2 (control design/operation, evidence, and audit support).
  • Desirable: Experience with regulatory programs such as GDPR, EU AI Act, NIS2, or DORA.
  • Experience managing audits (internal and external) and regulatordriven programs.
  • Ability to work crossfunctionally with technical, legal, and business stakeholders.
  • Languages: professional working proficiency in English (written and spoken) to collaborate effectively with international stakeholders.
  • Travel: occasional travel may be required (e.g., to Paris and/or other SCOR locations) for audits, workshops, or stakeholder sessions.
  • Role type: individual contributor position with strong ownership and influence across teams (no direct people management).
  • Desirable: Certifications such as ISO 27001 Lead Implementer/Auditor, CISM, CISSP, or equivalent.

As a leading global reinsurer, SCOR offers its clients a diversified and innovative range of reinsurance and insurance solutions and services to control and manage risk. Applying “The Art & Science of Risk,” SCOR uses its industry-recognized expertise and cutting-edge financial solutions to serve its clients and contribute to the welfare and resilience of society in around 160 countries worldwide.

Working at SCOR means engaging with some of the best minds in the industry – actuaries, data scientists, underwriters, risk modelers, engineers, and many others – as we work together to find solutions to pressing challenges facing societies.

As an international company, our common culture is defined by “The SCOR Way.” Serving both to build momentum that drives the Group forward and as a compass to guide our actions and choices, The SCOR Way is anchored by five core values, reflecting the input of employees at all levels of the Group. We care about clients, people, and societies. We perform with integrity. We act with courage. We encourage open minds. And we thrive through collaboration.

SCOR supports inclusion and the diversity of talents, and all positions are open to people with disabilities.

SCOR

About SCOR

SCOR, one of the world's largest reinsurers, provides its clients with a diversified and innovative range of solutions to control and manage risk. Using its experience and expertise, “The Art & Science of Risk”, SCOR provides cutting-edge financial solutions, analytics tools and services in all areas related to risk – in Life & Health as well as in P&C.

The reinsurance industry is about combining technical expertise and experience with the developments of science. However many tools we use to conduct our activities (models, databases, pricing tools, reserving tools, and so on), we also need expert judgments and human experience to correctly underwrite. This is what we call the art of underwriting. Reinsurance is a knowledge industry. Expertise is an accumulation variable.

The most advanced tool will never replace the intuition of a seasoned underwriter facing a complex risk. Because at the end of the day, you have to make a decision, to sign, to underwrite. And what we have underwritten, we cannot overwrite - our word is our bond, as is our signature. This dimension of our business, linked to the art of underwriting, is more important than some observers would have people believe.

One way to acquire this art is to share experiences – both good and bad – and to share doubts and questions. Artists always belong to a school, from which they learn their craft.

Like artists, we have to learn, imitate, mimic, and then innovate, in order to find our own style and create our own distinctive work.

Industry
Finance & Insurance
Company Size
1,001-5,000 employees
Headquarters
Paris, FR
Year Founded
Unknown
Website
scor.com
Social Media