Working at Bosal is not a job, it is a journey. During this journey you will be inspired by our leaders and you will be supported by our experienced mentors and coaches. At Bosal we empower people, we make quick decisions while offering a safe and inclusive working environment.

Bosal Group

Bosal is a Dutch privately owned company, mainly known as a global tier 1 automotive supplier, in business since 1923. We employ about 2200 people in 16 production facilities, of which the largest ones are situated in Czechia, Mexico, Turkey, Brazil, the US and South Africa. Our corporate research center is based in Belgium; next to that we run 5 other R&D satellites worldwide.

Currently we are looking for a Security GRC Specialist in Querétaro (Mexico):

As a Security GRC Specialist, you will be responsible for establishing, maintaining, and continuously improving the organization's information security governance framework. You will own and manage the information security management system (ISMS), ensuring that security policies, processes, and controls are effectively implemented and aligned with organizational objectives.

In this role, you will lead the organization in preparing for and achieving TISAX AL3 certification, guiding stakeholders through the certification process and ensuring compliance with all relevant requirements. You will ensure that the organization's security practices align with regulatory obligations, contractual commitments, and internal security standards.

Your responsibilities:

- You will own and operate the ISMS and TISAX framework.
- Define and maintain security policies, standards and procedures.
- Manage the GRC platform eramba, including the control framework, risk register and evidence repository.
- Define and maintain the TISAX scope covering systems, processes, assets, suppliers, and third parties.
- Coordinate risk assessments, risk treatment plans and risk exception processes.
- Provide governance recommendations to management, including risk acceptance and prioritization.
- Define governance requirements for asset management, logging & monitoring and vulnerability management.
- Coordinate internal audits and readiness assessments.
- Act as the primary interface with external auditors and assessors.
- Track remediation actions and report on the organization's security posture to management.
- Ensure governance controls remain effective and audit-ready.

Your profile:

Skills:

- Experience with GRC platforms, preferably eramba.
- Strong knowledge of ISMS frameworks, such as TISAX and ISO/IEC 27001.
- Expertise in risk management methodologies and risk assessment processes.
- Ability to design and implement policies, controls, and governance frameworks.
- Experience in audit coordination, evidence management, and compliance reporting.

Experience:

- 5+ years in information security governance, risk, or compliance.
- Proven experience with ISO/IEC 27001 and/or TISAX.
- Experience in hybrid IT environments (on-premises and cloud).
- Experience liaising with auditors, assessors, and regulators.

Do you have an entrepreneurial mindset and do you want to invest in your career? Then we offer an inspiring job in a unique environment with an interesting remuneration package with additional benefits.

More information?

Are you interested or do you want more information about this position? Then apply via the LinkedIn apply button.