GRC Analyst

GRC Analyst

This role sits at the heart of governance, risk, and compliance operations within a fast-scaling, payments-focused environment. You will take ownership of day-to-day GRC execution, ensuring the organization maintains a strong and continuous compliance posture across multiple regulatory frameworks. Acting as a key partner to engineering, security, legal, and leadership teams, you will help translate complex compliance requirements into structured, operational processes. The role involves managing audits, external trust requests, and ongoing control monitoring in a highly dynamic, remote-first setting. You will also contribute to strengthening policy governance, risk management practices, and security assurance programs. This is a hands-on position where precision, ownership, and cross-functional collaboration directly support trust, regulatory readiness, and business growth.

Accountabilities:

• Own and manage audit readiness activities, including maintaining continuous evidence collection, control monitoring, and coordination with external auditors for frameworks such as SOC 2, PCI DSS, and ISO 270001.
• Handle external security and compliance requests, including vendor assessments, security questionnaires, and RFP responses, ensuring accuracy, consistency, and timely delivery.
• Support and coordinate enterprise risk and compliance programs aligned with regulations such as GDPR, DORA, NIS2, and the EU AI Act.
• Maintain and govern the policy lifecycle, including policy updates, exception handling, violation tracking, and remediation follow-ups.
• Contribute to certification efforts and support expansion into new compliance frameworks as business and regulatory needs evolve.
• Collaborate with engineering and security teams to operationalize controls, strengthen vulnerability management processes, and support security awareness initiatives.
• Ensure ongoing compliance visibility by maintaining structured documentation and reinforcing a continuous compliance approach rather than point-in-time audits.

Requirements:

• 3–5 years of experience in GRC, compliance, information security governance, or a related field.
• Hands-on experience supporting external audits such as SOC 2, PCI DSS, ISO 27001, or equivalent frameworks.
• Familiarity with regulatory requirements including GDPR, DORA, NIS2, and ideally emerging EU compliance standards.
• Experience managing vendor risk assessments, third-party due diligence, and external security reviews.
• Strong understanding of continuous control monitoring and evidence management practices.
• Proficiency with GRC and compliance platforms such as Vanta, Drata, OneTrust, or similar tools.
• Excellent organizational skills with the ability to manage multiple compliance workflows in parallel.
• Strong communication skills, with the ability to work effectively across technical, legal, and business stakeholders.
• Detail-oriented mindset with a proactive approach to identifying and resolving compliance gaps.
• Ability to work independently in a remote-first, fast-moving, and ambiguity-rich environment.
• Nice to have: familiarity with IAM processes and access reviews, certifications such as CISA, CRISC, or ISO 27001 Lead Implementer, and experience in fintech or payments environments with PCI DSS exposure.

Benefits:

• Fully remote and globally distributed work environment.
• Competitive compensation and equity/share options (where applicable).
• Flexible time off with generous minimum holiday allowance.
• Home office setup support and access to co-working spaces.
• Private medical insurance and health-related benefits (depending on location).
• Learning and development budget to support continuous growth.
• Annual company retreats, workations, and global team gatherings.
• High-quality equipment provided for your role.
• Additional region-specific perks and benefits.