Junior/Medior Security Compliance Specialist (GRC, Info-Sec)

Groupon is a marketplace where customers discover new experiences and services everyday and local businesses thrive. To date we have worked with over a million merchant partners worldwide, connecting over 16 million customers with deals across various categories. In a world often dominated by e-commerce giants, we stand out as one of the few platforms uniquely committed to helping local businesses succeed on a performance basis.

Groupon is on a radical journey to transform our business with relentless pursuit of results. Even with thousands of employees spread across multiple continents, we still maintain a culture that inspires innovation, rewards risk-taking and celebrates success. The impact here can be immediate due to our scale and the speed of our transformation. We're a "best of both worlds" kind of company. We're big enough to have the resources and scale, but small enough that a single person has a surprising amount of autonomy and can make a meaningful impact.

Securing a Global Ecosystem with AI & Technical Grit

Are you tired of "check-the-box" compliance? We are looking for a GRC Specialist who understands that real security happens at the intersection of technical architecture and global regulation.

As a key defender of our data integrity for 49 million global customers, you won’t just be managing spreadsheets. You will be the primary gatekeeper for our third-party ecosystem and the architect of a security-first culture. In this role, we embrace an AI-first approach, leveraging automation and AI-driven insights to streamline risk analysis, answer complex data queries, and move at the speed of modern e-commerce.

The Impact You Will Make

• Own Third-Party Trust (TPRM): Independently lead 5–10 vendor security assessments per month. You’ll dive deep into SIG questionnaires and technical evidence—evaluating EDR deployment, Firewall logic, and Encryption (at rest/transit)—to ensure our partners meet our rigorous standards.
• Architect Compliance: Lead the charge for PCI-DSS and NIS2 audit readiness. You’ll translate complex EU/UK/US regulatory requirements into actionable engineering tasks.
• Modernize Policy: Research and draft updates for our Information Security Policy library, ensuring we are always aligned with ISO 27001 and NIST standards.
• Master the Tools: Act as the power user and administrator for OneTrust, optimizing workflows to make compliance a seamless part of the business.
• Influence Culture: Beyond basic training, you will create engaging, high-impact security awareness content and phishing simulations via the Saba platform.

What You Bring to the Team

• Experience: 1–3+ years in IT Risk, Audit, or GRC (preferably within Fintech, E-commerce, or highly regulated industries).
• Technical Literacy: You can speak the language of engineers. You understand cloud security (AWS/GCP), network controls, and vulnerability management.
• Regulatory Fluency: Deep, hands-on knowledge of GDPR, PCI-DSS, and NIS2.
• Analytical Skepticism: You look past "Yes/No" answers to find the actual underlying risk.
• The AI Mindset: You are eager to utilize AI tools to automate documentation, research complex regulatory changes, and improve GRC efficiency.
• Communication: Fluent English (C1+) with the ability to explain technical hurdles to non-technical stakeholders (Legal, HR, Procurement).

Why Join Us?

We value Ownership and Accountability. In our team, you manage your day and your projects with minimal supervision. We offer a flexible, global environment where the security team works across time zones (GMT-6 to GMT+5) and values innovation over bureaucracy.

Ready to own the front line of global security? Apply today.

Groupon is an AI-First Company
We’re committed to building smarter, faster, and more innovative ways of working—and AI plays a key role in how we get there. We encourage candidates to leverage AI tools during the hiring process where it adds value, and we’re always keen to hear how technology improves the way you work. If you’re passionate about AI or curious to explore how it can elevate your role—you’ll be right at home here.

Groupon’s purpose is to build strong communities through thriving small businesses. To learn more about the world’s largest local e-commerce marketplace, click here. You can also find out more about us in the latest Groupon news as well as learning about our DEI approach. If all of this sounds like something that’s a great fit for you, then click apply and join us on a mission to become the ultimate destination for local experiences and services.

Beware of Recruitment Fraud: Groupon follows a merit-based recruitment process without charging job seekers any fees. We've noticed an increase in recruitment fraud, including fake job postings and fraudulent interviews and job offers aimed at stealing personal information or money. Be cautious of individuals falsely representing Groupon's Talent Acquisition team with fake job offers. If you encounter any suspicious job offers or interview calls demanding money, recognize these as scams. Groupon is not responsible for losses from such dealings. For legitimate job openings (and a sneak peek into life at Groupon), always check our official career website at Groupon Careers