Security and Compliance officer


Job Description

We're at a turning point in history. Climate change is changing the world faster than ever before. Utilities will play a crucial role in transforming our society to fight climate change and become carbon-neutral, while making sure people and businesses can continue to use energy the way they have for so many years.

At Gorilla, we're determined not to stand aside, but to make a real impact on the utility industry by providing data services that allow utilities to play the role they need to play in the quest for a net-zero society. We do this by building something that solves a real problem, and by being the best at what we do.

Your role

As a Security and Compliance Officer, you are passionate about Energy Tech and eager to contribute to a scale-up like Gorilla. You are versatile and pivotal to our commitment to robust security and compliance practices. You'll thrive wearing multiple hats, bringing your expertise not only to strategic security and compliance initiatives but also to hands-on IT and compliance functions. You are an essential part of taking our ambitions to the next level.

Your responsibilities

  • Develop and oversee the migration to the latest version of ISO 27001, ensuring our security practices meet contemporary standards and integrate smoothly with our existing processes.
  • Maintain PII, legal, supplier and client registers, manage supplier onboarding and perform risk assessments.
  • Keep the continuous improvement process for our ISMS up and running and be the single point of contact (SPOC) for the organisation, auditors and external parties.
  • Evaluate and assess other compliance programs, such as SOC 2 Type II or B-CORP, and take the lead in the implementation including definition of controls and ensuring the adherence to reporting requirements.
  • Provide operational IT support from a security perspective, including executing access requests, managing authentication and authorisation in IT systems.
  • Evaluate, select, and maintain security tools and software, building relationships with vendors, and negotiating contracts to support the startup’s technological growth.
  • Assist with IT buying decisions by assessing the security implications of new software and hardware, and ensuring compatibility with existing systems.
  • Design and implement secure tool configurations and integration workflows that maintain data integrity and support operational efficiency.
  • Support functional configuration of tools and integration workflows that meet business functional requirements.
  • Conduct regular security assessments and IT support audits to proactively address vulnerabilities and ensure continuous system and network security.
  • Drive the development of security and IT support policies, and deliver training and guidance to all staff to foster a culture of security awareness and best practices.
  • Assist in due diligence procedures during fundraising rounds or during (client) audits.

Requirements

  • Proven experience as a CISO, ideally in a startup environment, with direct responsibility for information security, compliance, and IT support.
  • Familiarity with the requirements and processes involved in ISO 27001 and SOC 2 compliance standards, with practical experience in managing (one of) these frameworks.
  • Familiarity and/or affinity with other compliance programs such as ISO 9001, ISO 14001, B Corp...
  • Relevant certifications (CISSP, ISO 27001 Lead Auditor/Implementer, etc.) are desirable; if you do not hold them, a desire to obtain them is a requirement.
  • Strong technical background with hands-on experience in IT support, systems administration, and security tools.
  • Bachelor’s or master’s degree in Computer Science, Information Systems, or a related field; or equivalent professional experience.
  • Excellent problem-solving skills, the ability to make informed decisions quickly, and the agility to handle multiple tasks in a fast-paced startup environment.

Benefits

You become part of an ambitious organisation and an enthusiastic team with a mindset to win! As Gorilla is growing at an incredible pace, you can leave your mark – growing alongside Gorilla.

We actively challenge ourselves and our colleagues, in order to always improve our skills, methodology and capabilities. Lifelong learning is essentially embedded in our organisation, and we care about your individual dreams and ambitions, beyond just work.

On top of that, our remuneration approach is clear and no-nonsense, just like our feedback culture and personal development approach. You’ll be able to join a team from wherever you’d like to work, equipped with the best technology for remote work. We’ll provide access to an office space near you whenever you like, as well as frequent travel to meet your colleagues in person, making sure you’ll never feel lonely.

Apply to Job

👉 Please mention that you found the job on ClimateTechList, this helps us get more climate tech companies listed here, thanks!

Get a referral to Gorilla

If possible, try to get a warm intro/referral to Gorilla before applying! Do a LinkedIn search to see who you may know at the company. See this LinkedIn post from Steven for more details on this tactic.


Join ClimateTechList Talent Collective

Want to be matched with companies directly? Apply to the talent collective.

Here's how it works:

  1. You submit an application

  2. We'll share your profile with climate tech companies potentially interested in chatting with you

  3. We'll reach out if there's a company interested in talking to you.
