At e-conomic, we build accounting software that +250,000 companies rely on every single day. That trust comes with a great responsibility - and that's where our Governance, Risk and Compliance (GRC) team steps in, working to prevent cyber security threats, protect our data, and uphold that trust.

We’re looking for a curious, structured, and proactive Student Assistant eager for hands-on experience in information security, privacy, and risk management. If you enjoy creating structure and are interested in governing the administrative processes that keep our security and privacy records accurate, this role offers a chance to make a visible and tangible impact.

Your impact

In this role, you’ll play a key part in keeping e-conomic secure and compliant by supporting the governance operations of our privacy and information security management, ensuring that our documentation remains accurate and our organization stays informed. 

You will be instrumental in the smooth running of our GRC operations, ensuring our documentation is accurate and our security processes are executed reliably. By collaborating across the organization, you will manage the vital administrative flows that keep us audit-ready while acting as a security ambassador who drives our awareness initiatives. Your impact comes from taking ownership of core governance tasks and translating complex requirements into engaging communication that makes security and privacy accessible to all of our colleagues.

Your tasks will include:

• Maintain our GRC tool, software catalog, and Record of Processing Activities (RoPA) to ensure our data foundation is consistently accurate.

• Design and execute engaging awareness campaigns for all employees on GRC-related topics, such as cybersecurity and phishing.

• Coordinate with control owners (e.g., Products, HR, or IT departments) to ensure timely completion of recurring security tasks, such as access reviews and mandatory training.

• Administer vendor security vetting by ensuring security questionnaires are received, reviewed, and documented.

• Manage the customer-facing Privacy Inbox, handling data requests and inquiries related to data protection.

• Support audit readiness by collecting and organizing control evidence required for external audits (e.g., ISAE 3402 and ISAE 3000).

This role offers significant growth as you become part of our evolving team, gaining hands-on experience in building a modern GRC function. You’ll have the opportunity to help us modernize our practices by exploring AI, automating routine processes, and innovating how we scale effective assurance. Your responsibilities may expand to:

• Implement tools and techniques to automate routine legal and GRC processes.

• Explore and implement the responsible use of AI to enhance our legal and GRC functions.

• Support the innovation in control design as we mature our processes to known standards and scale effective assurance.

Your team

You'll work closely with our GRC Manager and the broader Risk department in an environment that balances governance with the fast pace of a growing tech company. As part of our evolving team, you will receive ongoing guidance and work closely with experienced colleagues, while being empowered to take operational ownership and make meaningful contributions from day one.

As a team, we prioritize and value:

• Solving Puzzles: We are committed to creating structure in ambiguity, bringing clarity to complex requirements, and continually improving our governance standards and documentation.

• Connecting the Dots: We think in systems, seeing how business goals, product development, and security architecture all connect to manage risk.

• Organizational Curiosity: We are curious about our organization and people, understanding how teams work to effectively identify risks and design practical, high-impact processes.

• Driving Innovation: We maintain a continuous curiosity about new trends like AI, automation, and GRC technology that can fundamentally change how we manage and monitor controls.

What we are looking for

We don’t expect you to know everything or necessarily have hands-on experience from a similar role - but we expect you to be curious and willing to learn. Ideally, you have:

• Relevant Educational Background: You are currently pursuing a degree in a field such as Digital Compliance, Data Governance, Information Security, Law, or IT.

• Foundational Knowledge: A basic understanding of Information Security (e.g., the CIA triad and the purpose of controls like access management) and GDPR (specifically data subject rights and the RoPA).

• An Operational Mindset: A strong interest in process optimization. You enjoy looking at manual workflows and identifying how tools or automation can make them more efficient.

• Stakeholder Coordination: The ability to work cross-functionally (with IT, HR, Legal, Marketing) using a structured approach to track deadlines and ensure essential security and privacy tasks are finalized on time.

• Creative Communication: A flair for creating engaging content and a desire to "market" security and privacy to the organization through clear messaging and creative awareness campaigns.

• Language Requirement: Professional fluency in English (written and oral) is required, as our team and company language is English.

Your e-conomic benefits

🦋 Adapt your work environment and hours to suit your lifestyle, with hybrid options available.

🌍 An international workplace with +30 nationalities.

💆🏻‍♀️ Access a range of services to support your physical and mental health.

🏥 Comprehensive health insurance and company-paid pension.

☕ Unlimited snacks, coffee, and soda to keep you hydrated.

🏬 Located in Carlsberg Byen, equipped with the latest facilities.

🎉Lots of social activities to participate in with colleagues.

Application process

If this role speaks to your career aspirations and personal values, we would love to get to know you. Please send us your CV and respond to our role specific application questions by clicking the button “apply here”.

There’s no need for a cover letter, photo, age or other personal details, as we’re committed to a fair and inclusive process.

We will send you a confirmation email after you apply. Please also check your spam folder just in case.

Recruitment process

First, hit that apply button and let's kickstart your e-conomic journey!

Applications are reviewed continuously, and we invite candidates for interviews as we go.

• Initial phone screening:
  Brief initial chat with Anne Sofie, Talent Acquisition Specialist, to learn more about your motivation and align on compensation.

• 1st interview:
  Meet Helena, GRC Manager, and Anne Sofie. Interview duration appx. 60 minutes.

• 2nd interview:
  Dive deeper into the role with Helena and our Head of Risk, Per. 

• You will receive a personality test and a case for you to prepare in advance. Anne Sofie will provide feedback to your test results during the interview. Interview duration appx. 90 minutes.

If all interviews align, we typically follow up with a reference call as part of the process.

If you have any questions, reach out to Helena at helena.larsen@visma.com 📬