Jobgether · Milano, Lombardia, Italia · 50€ - 70€


Job description

Role Overview

This role sits at the heart of governance, risk, and compliance operations within a fast‑scaling, payments‑focused environment. It owns day‑to‑day GRC execution, ensuring a strong and continuous compliance posture across multiple regulatory frameworks. The GRC Analyst partners with engineering, security, legal, and leadership to translate complex compliance requirements into operational processes. Responsibilities include managing audits, external trust requests, and ongoing control monitoring in a highly dynamic, remote‑first setting, while strengthening policy governance, risk management practices, and security assurance programs. It is a hands‑on position demanding precision, ownership, and cross‑functional collaboration to support trust, regulatory readiness, and business growth.

Accountabilities

  • Own and manage audit readiness activities, maintaining evidence collection, control monitoring, and coordination with external auditors for SOC 2, PCI DSS, and ISO 27001.
  • Handle external security and compliance requests, including vendor assessments, security questionnaires, and RFP responses, ensuring accuracy, consistency, and timely delivery.
  • Support and coordinate enterprise risk and compliance programs aligned with GDPR, DORA, NIS2, and the EU AI Act.
  • Maintain and govern the policy lifecycle, including updates, exception handling, violation tracking, and remediation follow‑ups.
  • Contribute to certification efforts and support expansion into new compliance frameworks as business and regulatory needs evolve.
  • Collaborate with engineering and security teams to operationalize controls, strengthen vulnerability management processes, and support security awareness initiatives.
  • Maintain ongoing compliance visibility with structured documentation and reinforce a continuous compliance approach rather than point‑in‑time audits.

Requirements

  • 3–5 years' experience in GRC, compliance, information security governance, or a related field.
  • Hands‑on experience with external audits such as SOC 2, PCI DSS, ISO 27001, or equivalent frameworks.
  • Familiarity with GDPR, DORA, NIS2, and emerging EU compliance standards.
  • Experience managing vendor risk assessments, third‑party due diligence, and external security reviews.
  • Strong understanding of continuous control monitoring and evidence management practices.
  • Proficiency with GRC and compliance platforms such as Vanta, Drata, OneTrust, or similar tools.
  • Excellent organizational skills managing multiple compliance workflows in parallel.
  • Strong communication skills and ability to work across technical, legal, and business stakeholders.
  • Detail‑oriented mindset with a proactive approach to identifying and resolving compliance gaps.
  • Ability to work independently in a remote‑first, fast‑moving, ambiguity‑rich environment.
  • Nice to have: IAM process and access review familiarity; certifications such as CISA, CRISC, or ISO 27001 Lead Implementer; fintech or payments experience with PCI DSS exposure.

Benefits

  • Fully remote and globally distributed work environment.
  • Competitive compensation and equity/share options (where applicable).
  • Flexible time off with generous minimum holiday allowance.
  • Home office setup support and access to co‑working spaces.
  • Private medical insurance and health‑related benefits (depending on location).
  • Learning and development budget to support continuous growth.
  • Annual company retreats, workations, and global team gatherings.
  • High‑quality equipment provided for your role.
  • Additional region‑specific perks and benefits.
