GRC Analyst

About the role

This position sits at the heart of governance, risk, and compliance (GRC) operations within a fast‑scaling, payments‑focused environment. You will own day‑to‑day GRC execution, ensuring continuous compliance across multiple regulatory frameworks while collaborating with engineering, security, legal, and leadership teams.

Key responsibilities

• Own and manage audit readiness activities, including continuous evidence collection, control monitoring, and coordination with external auditors for SOC 2, PCI DSS, and ISO 27001.
• Handle external security and compliance requests such as vendor assessments, security questionnaires, and RFP responses.
• Support and coordinate enterprise risk and compliance programs aligned with GDPR, DORA, NIS2, and the EU AI Act.
• Maintain and govern the policy lifecycle, including updates, exception handling, violation tracking, and remediation follow‑ups.
• Contribute to certification efforts and expand into new compliance frameworks as business needs evolve.
• Collaborate with engineering and security teams to operationalize controls, strengthen vulnerability management, and support security awareness initiatives.
• Ensure ongoing compliance visibility through structured documentation and a continuous compliance approach.

Required profile

• 3‑5 years of experience in GRC, compliance, or information security governance.
• Hands‑on experience supporting external audits such as SOC 2, PCI DSS, or ISO 27001.
• Familiarity with regulatory requirements including GDPR, DORA, NIS2, and emerging EU standards.
• Experience managing vendor risk assessments and third‑party due diligence.
• Strong understanding of continuous control monitoring and evidence management practices.

Required skills

• Proficiency with GRC platforms such as Vanta, Drata, or OneTrust.

What we offer

• Remote‑first work environment.
• Opportunity to shape compliance processes in a high‑growth fintech.