Work with HelloFresh in Warsaw and its HelloTech organisation, HelloFresh’s global technology backbone with more than 1000 people, building the digital products that power our end-to-end food experience. From meal kits and ready-to-eat meals to specialty offerings like pet food and premium meat & seafood, HelloTech creates the platforms that bring tailored food solutions to millions of customers every month.

Our subscription-based, direct-to-consumer model relies on technology at every step, from customer-facing apps and personalization logic to pricing, forecasting, supply chain optimization, and initiatives that help reduce food waste. While our brands operate independently to serve distinct customer needs, they are united by shared platforms, data, and operational excellence built by HelloTech.

HelloTech works in autonomous, cross-functional alliances, each owning a specific product or domain end to end. By working with our Warsaw office, you will help shape scalable, data-driven products used across our markets, working with a modern tech stack and international teams to continuously improve how people discover, order, and enjoy HelloFresh’s products, today and in the future.

About the role: What's in the Box

The service provider will contribute to the Governance, Risk & Compliance (GRC) function within HelloTech, focusing on the implementation and maintenance of information security compliance and certification programs. This engagement involves providing specialized services to ensure alignment between technical systems and global regulatory frameworks, supporting data protection initiatives, and managing third-party vendor risk assessments to safeguard the HelloFresh ecosystem.

What you’ll do: The Recipe

• Lead end-to-end compliance readiness for NIS2 and provide alignment services across key frameworks including PCI DSS, CSRD, ISO/SOC, and the EU AI Act.

• Plan and execute internal control assessments and coordinate external compliance audits on a defined cadence.

• Translate regulatory requirements into practical controls and drive cross-functional implementation across international technical units.

• Manage remediation processes by tracking findings, evidence, and deadlines, providing regular status reports to primary stakeholders.

• Enhance GRC maturity through continuous monitoring, comprehensive documentation, and technical guidance for other contributors.

• Evaluate and validate the design and operational effectiveness of security policies, standards, and internal controls to mitigate compliance risk.

• Develop accurate technical reports and presentations regarding the compliance landscape for executive and technical stakeholders.

What you’ll bring: The Ingredients

• 3+ years of experience delivering compliance services in a corporate environment focused on IT General Controls (ITGC), SOC 2, ISO 27001, PCI DSS, and EU NIS2.

• Profound knowledge of data privacy directives including GDPR and CCPA/CPRA.

• Proven ability to interpret complex compliance regulations and map them to specific system implementations and security frameworks.

• Experience supporting third-party risk management programs and data privacy operations.

• Expertise in developing and executing security awareness initiatives and technical training modules.

• Strong organizational skills with the ability to provide services independently in a high-growth environment.

• Prior experience providing services within SaaS environments, specifically involving Cloud and AWS infrastructure.

• Industry certifications such as CISA, CISM, or CISSP are highly regarded.

Above all, we are looking for individuals who will make HelloFresh better. We believe there are many different ways of developing skills and we love diverse experiences! So even if you don’t “tick all the boxes” but think you’d thrive in this role, we would really like to learn more about you.

What we offer: The Toppings

• Global collaboration at scale: Collaborate with experienced engineers and product partners across HelloTech’s international teams, in a culture of active knowledge sharing.
• Technology with real-world impact: Build and operate modern systems at global scale, supporting 6+ millions of customers and complex supply chain operations.
• Technical/Product/Design leadership: Drive best practices and influence architecture/design, quality, and ways of working in an autonomous, product-led setup.
• End-to-end development/delivery: Drive decisions from problem definition to production, improving systems and enabling long-term scalability.
• Access to workspace at Warsaw Centre Point. The hub offers modern facilities including showers, breakout zones, outdoor space, cycle parking, and refreshments (coffee, soft drinks, and fruit).

Are you the missing ingredient? If this sounds like a tasty opportunity, we’d be excited to hear from you.  We aim to review your profile and respond within 5 business days.

The role

We’re looking for a new teammate who will support the implementation and ongoing maintenance of information security compliance and certification programs, working with cross-functional internal teams and external auditing agencies. The person will also support data protection, data privacy, and third-party vendor risk management functions.

The position will be part of the Governance, Risk & Compliance (GRC) team at HelloFresh that is responsible for creating, maintaining and improving HelloFresh’s security risk management program and remediation activities; information security and data privacy related processes, policies, and guidelines; supporting compliance and certification related activities; and driving security awareness and education.

Above all, we are looking for people who will make HelloFresh better. We believe there are many different ways of developing skills and we love diverse experiences! So even if you don’t “tick all the boxes” but think you’d thrive in this role, we would really like to learn more about you.

What you’ll do

• Lead end-to-end compliance readiness for NIS2 and support alignment across other key frameworks (e.g., PCI DSS, CSRD, ISO/SOC and EU AI Act).
• Plan and execute internal control assessments and coordinate external compliance audits on a defined cadence.
• Translate regulatory requirements into practical controls; drive cross-functional implementation across international teams.
• Own remediation management: track findings, evidence, owners, deadlines, and report status to stakeholders.
• Improve GRC maturity through continuous monitoring, clear documentation, and mentoring junior team members.
• Lead internal assessments and coordinate external compliance audits at planned intervals
• Evaluate and validate the design and operational effectiveness of security policies, standards, and internal controls to help reduce compliance risk in the company
• Develop comprehensive and accurate reports and presentations on the compliance landscape for both technical and executive audiences

What you’ll bring

• 3+ years' experience in performing compliance activities in a corporate environment related to IT General Controls (ITGC), SOC 2, ISO 27001, PCI DSS, EU NIS2, and various data privacy directives (GDPR, CCPA/CPRA, etc.)
• Ability to interpret compliance regulations and map them to the actual implementation of systems, whilst referencing various security frameworks
• Experience supporting data privacy regulations (GDPR, CCPA) and third-party risk management programs
• Experience with developing and executing security awareness programs and trainings
• Highly organized and detail-oriented, with an ability to work independently
• Industry compliance certifications (CISA, CISM, CISSP) are a plus
• Prior experience working in a SaaS environment, mainly Cloud and AWS-based

What we offer

Elevate your lifestyle! Join one of Europe's fastest-growing tech powerhouses in a dynamic phase of expansion.

• Immerse yourself in a diverse global community of 90+ nationalities.
• Enjoy a competitive compensation package that goes beyond the norm, with perks like a HelloFresh- subsidized Pension Scheme, Berlin relocation support, and a Hybrid working model.
• Elevate your lifestyle with exclusive discounts on your weekly HelloFresh box and office meals.
• Invest in your growth with a German language learning budget, and access to the HelloFresh Academy.
• Plus, we've got your well-being covered with mental health support, transportation perks, and working-parent-friendly benefits. From our 24/7 gym access,wellbeing platforms like Headspace and Spill, to sabbatical leave options, HelloFresh is not just a workplace; it's a lifestyle of perks and possibilities!

Change the way the world travels

Join the GetYourGuide journey to connect people with unforgettable travel experiences around the world. Millions look to us for unique activities they can trust, and it’s all powered by our commitment to make every single journey extraordinary - including yours. 

Ready to unlock your potential with a community of fellow explorers? Find your next role at our Berlin HQ or one of our local offices around the globe, from New York to Bangkok. Head to getyourguide.careers to take the first step.

Your mission

• As a Security Analyst at GetYourGuide, you'll play a key role in advancing detection and response capabilities and shaping the SOC technical roadmap as the SIEM platform matures.
• Lead end-to-end incident investigations and response, including detection development, automation, and triage optimisation.
• Design and enhance SIEM detections, onboard new log sources, and improve signal quality and response speed.
• Conduct proactive threat hunting, track emerging threats, and translate intelligence into actionable detections.
• Partner cross-functionally with Engineering, SRE, Infra, Legal, Data and IT to resolve root causes, support deployments and maintain strong security posture.
• Strengthen processes by improving IR runbooks, documentation, tabletop exercises and contributing to broader SOC and security strategy.

Your toolkit

• 3–7+ years experience in SOC, IR, CSIRT or threat detection
• Strong experience with SIEM and log analysis
• Deep understanding of attack techniques (MITRE ATT&CK)
• Strong analytical and investigative skills
• Experience with cloud (AWS) security
• Ability to lead complex investigations end-to-end

Extras that give you an edge

• Forensics experience
• Scripting/automation proficiency (Python, bash, Lambda, etc.)
• Experience with Okta/Auth0, Cloudflare, GitHub security logs
• Experience with distributed systems logs (microservices)

How we’ll make your career journey extraordinary

• Annual personal growth budget and mentorship programs for continuous learning and development
• Work from anywhere in the world for 30 days per year
• A hybrid working approach with three days of in office collaboration (Mon, Tue, Thur) and two days of optional at home focus time.
• Opportunities to collaborate and socialize with team members through quarterly team events and yearly company-wide events
• Monthly transportation and fitness budget
• Discounts for you, your friends, and family on GetYourGuide activities
• Language reimbursement program
• Health and wellness benefits

And more…

How to apply

Submit your CV/resume in English using the form below. For tips and insights into our hiring process and culture, check out ‘how we hire’ and ‘life at GetYourGuide’. If you have any further questions, please don’t hesitate to get in touch at jobs@getyourguide.com.

We’re an equal opportunities employer

Our commitment is that every qualified person will be evaluated according to their skills regardless of age, gender identity, ethnicity, sexual orientation, disability status, or religion. Please refrain from including your picture and age with your application. 

#LI-Hybrid