Security Governance, Risk & Compliance (GRC) Lead

As the GRC Lead within the Security function, you will be responsible for establishing and scaling security governance, compliance, and risk management practices across our 3 brands foodpanda, foodora and Yemeksepeti. 

The Security Function operates as a 1.5 line of defense within the organisation and the GRC team is accountable for defining and upholding the security posture across the organisation including local, regional and platform domains. 

You will act as a strategic partner to all functions within the organisation to ensure security and compliance requirements are embedded into technology delivery and operational processes.

This role will lead initiatives across areas such as:

• Information security governance
• Regulatory and audit compliance
• Technology and cyber risk management
• Security policy and control frameworks
• Third-party and vendor risk management
• Cloud and platform compliance
• Security awareness and control maturity
• Data and customer protection governance
• Operational resilience governance 

The ideal candidate combines strong communication skills, sound technical understanding with governance and stakeholder management capabilities, and is comfortable operating in fast-paced, cloud-native, AI-driven product engineering environments.

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Technology, Risk Management, or a related field
• 6+ years of experience in Governance, Risk & Compliance, Information Security, or Cybersecurity roles
• Strong knowledge of security frameworks and standards including ISO 27001, SOC 2, PCI-DSS, NIST, or CIS Controls 
• Experience working in cloud-native and modern engineering environments (AWS/GCP, CI/CD, DevSecOps)
• Familiarity with privacy and regulatory requirements across APAC and international markets
• Experience managing audits, certifications, and remediation programs
• Strong stakeholder management and communication skills across technical and non-technical audiences
• Strong verbal and written communication skills

Preferred Qualifications (Although not essential) 

• Relevant certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor
• Experience in e-commerce, marketplace, food delivery, fintech, or high-scale consumer platforms 
• Exposure to AI governance, cloud security governance, or software supply chain security
• Experience leading regional or global GRC initiatives across distributed teams

Why Join Us

• Opportunity to shape security governance across globally recognized digital platforms
• Work closely with modern engineering, cloud, and AI-driven technology environments
• Regional exposure across diverse markets and regulatory landscapes
• Collaborative, fast-moving, and impact-driven culture
• Ability to influence how security scales within one of the world’s leading local commerce platforms
• We are dedicated to bringing our full-time pandas a suite of inclusive, flexible and competitive benefits that support a fulfilling experience at foodpanda 

What we offer:

• A dynamic and challenging work environment.
• A company committed to developing you personally and professionally.
• A great working atmosphere with regular company and team events.
• A vibrant and international team committed to diversity and inclusion.
• Responsibility from day one in a fast growing and global company.
• Other benefits include free food, health and dental insurance, and learning and development opportunities!

foodpanda is operated by Delivery Hero Group (“DH Group”) - the world’s leading local delivery platform, operating in 70+ markets across Asia, Europe, Latin America, the Middle East, and Africa. Delivery Hero started as a food delivery service in 2011 and now employs 40,000+ people globally. Additionally, Delivery Hero is pioneering quick commerce, the next generation of e-commerce, aiming to bring groceries and household goods to customers in under one hour and often in 20 to 30 minutes. Headquartered in Berlin, Germany, Delivery Hero has been listed on the Frankfurt Stock Exchange since 2017.

In July 2024, Delivery Hero SE merged three of its market-leading food delivery businesses, foodora and Yemeksepeti in Europe, and foodpanda in Asia. All three businesses now make up the second-largest organization within the Delivery Hero Group, and leading food and QCommerce delivery in 18 markets in both regions.