• Maintain and improve information security policies, standards, procedures, control documentation, and related governance materials. • Help map policies and controls to frameworks such as SOC 2, ISO 27001/27002, HITRUST, NIST CSF 2.0, and other customer, regulatory, or security requirements. • Support policy exceptions, risk acceptances, remediation tracking, control owner follow-ups, and recurring governance workflows. • Support SOC 2, ISO 27001, and HITRUST readiness, audit preparation, evidence collection, auditor coordination, and audit response management. • Maintain recurring evidence-gathering and control testing workflows, helping ensure controls operate consistently across the business. • Track audit findings, control gaps, remediation plans, owners, due dates, and closure evidence. • Support risk assessments, control gap assessments, internal reviews, and maintenance of the risk register. • Translate technical and security risks into clear business language, including mitigations, ownership, timelines, and residual risk. • Own or support customer security questionnaires, RFP security sections, due diligence requests, and trust or compliance documentation. • Maintain reusable questionnaire content, approved responses, compliance artifacts, and customer-facing assurance materials. • Support employee security awareness programs and create clear internal guidance for policies, controls, and compliance responsibilities. • Support vendor security reviews, third-party risk assessments, remediation tracking, risk acceptance documentation, and vendor compliance evidence. • Use GRC platforms such as Vanta, Drata, Thoropass, Secureframe, or similar tools to improve evidence collection, control monitoring, task tracking, reporting, and repeatable compliance operations.

• Monitor and interpret gambling regulations across multiple jurisdictions. • Support licensing activities, audits, regulatory filings, and reporting. • Coordinate responses to regulators and maintain compliance records. • Advise internal teams on compliance obligations and regulatory requirements. • Lead and maintain the company’s data protection framework and GDPR compliance. • Improve privacy processes, policies, and internal controls.

• Hire, mentor, and develop a team of SMEs covering commercial frameworks, government frameworks, test authoring, framework quality uplift, and framework maintenance — planning for current and future capacity needs, setting the bar for technical depth and content quality, and preparing high performers for broader scope • Build a stable, motivated team environment with clear operating rhythms, delegating effectively to grow ownership and capability, and partnering with your leader and People Business Partner to spot and address team health issues early • Connect the team's roadmap and content priorities to Vanta's broader product and company strategy, anticipating near-term shifts in customer needs, regulatory landscape, and product direction, and adjusting focus to keep the team aligned • Create open feedback loops within the team and adapt how you communicate priorities, decisions, and risks across different audiences — from individual contributors to engineering, GTM partners, customers, and executives • Lead the team through change with steadiness while holding yourself and them accountable for commitments — communicating progress and risks proactively, addressing misses directly, and creating an environment where mistakes are treated as learning opportunities rather than blame • Own and govern Vanta's framework release process end-to-end, partnering with Product and Engineering to define the playbook for how new frameworks, framework updates, automated tests, crosswalks, and content are scoped, built, reviewed, and shipped • Drive the program management work that surrounds GRC content — including new framework launches, framework updates, update notes, customer escalations, content and test requests, PMM material reviews, and licensing and pricing input • Track team performance and report KPIs and metrics to security and product leadership, including framework release velocity, content quality, adoption, time-to-evidence, and customer impact • Break down ambiguous and competing priorities — across framework launches, framework updates, test authoring, and quality uplift — into clear, actionable decisions, balancing customer demand, market opportunity, and engineering capacity, and escalating complex tradeoffs with context and a recommended path forward • Lead the quality uplift effort for older commercial frameworks, ensuring Vanta's full library meets a consistent and modern standard for control wording, evidence specificity, and testing method • Set direction for the team's work on crosswalks and mappings across security and privacy frameworks, including canonical control IDs, mapping confidence, and evidence data dictionaries, and partner with Engineering to operationalize them in-product • Steer the team's contribution to the broader GRC product surface — risk management, issue and corrective action management (POA&M), policy management, access reviews, Trust Center, and third-party risk management • Partner with Product Management and Design to ensure SMEs are effective product advisors across discovery, PRD authoring, UI/UX review, and usability testing • Champion AI-assisted compliance on the team — coaching SMEs to translate domain knowledge into machine-readable specs, evaluation sets, and guardrails, and partnering with Engineering and ML to ship LLM-powered guidance and automation • Partner with Sales, Customer Success, and Product Marketing to represent the framework portfolio externally and contribute to pricing, packaging, and licensing conversations (including frameworks such as HITRUST) • Serve as a senior escalation point for customer issues related to framework content, scoping, and interpretation • Provide input and feedback on the development of GRC product features that depend on the team's content and expertise

Title: Quality and Compliance Specialist Location: Breda Netherlands Full time Remote   Join Thermo Fisher Scientific in ensuring the highest quality standards across our operations. As a Quality and Compliance Specialist, you will maintain regulatory compliance and drive continuous improvement of quality systems to support our mission of enabling customers to make the world healthier, cleaner and safer.   This role involves collaborating with cross-functional teams, working closely with the Senior Quality Manager, the IES (Instrument & Enterprise Services) EMEA Quality Team and regional management teams and the global quality organisation to investigate quality issues, conduct audits, supplier oversight, manage nonconformities, complaints, deviations, training and implement corrective actions while fostering a culture of quality excellence throughout the organization across the commercial sites in the Netherlands, Denmark, Sweden, the UK and Belgium while assisting local quality administrators and coordinating site-level quality reporting.   In this key role you will   - Develop and maintain the data infrastructure for the IES EMEA Quality Team, manage SharePoint sites, workflows and reporting tools, as well as manage document control. - Develop and maintain required certifications for IES sites in scope (ISO 9001:2015/ISO 17025), ensuring alignment with EMEA, European and global quality programmes. - Support quality management needs for IES Enterprise Services in the countries in scope and process continuous improvement initiatives. - Communicate and coordinate quality-related activities with local management teams, employees, suppliers and customers. - Create and maintain documentation and quality tools on SharePoint. - Support quality agreements and service agreements with vendors/suppliers. Requirements:   - Advanced Degree plus 3 years of experience, or Bachelor's Degree plus 5 years of experience in quality assurance/quality control within regulated industries (pharmaceutical, medical device, biotech preferred) or equivalent experience (e.g. in Engineering, Quality) - Preferred Fields of Study: Life Sciences, Engineering, Chemistry, Biology or related technical field - Strong knowledge of EU or USA GMP and GLP regulations plus IQ, OQ, PQ (minimum 3 years proven experience), ISO standards (9001/13485/17025) and other relevant quality system requirements - Confirmed experience with quality management systems, CAPA processes, deviation management and change control, trained as internal auditor or having extensive experience of auditing - Demonstrated expertise in root cause analysis, investigation techniques and corrective action implementation - Proficiency in statistical analysis, data trending and quality metrics reporting - Strong technical writing skills for authoring SOPs, investigation reports and other quality documentation - Experience conducting and hosting internal/external audits and regulatory audits - Advanced problem-solving abilities and attention to detail - Excellent verbal and written communication skills, fluency in English with additional proficiency in Dutch and/or German preferred - Strong interpersonal skills with ability to collaborate across functions and levels - Proficiency with quality systems software (Document Control Systems) and extended knowledge in Microsoft Office applications, including SharePoint and Ms Teams - Strong commercial competence and customer-centric approach, with great interpersonal skills and the ability to work independently - May require up to 40% travel - Knowledge of risk assessment methodologies and continuous improvement tools