GRC Analyst

About the role

The GRC Analyst will be at the core of governance, risk, and compliance operations for a fast‑scaling payments‑focused company. Working remotely, you will partner with engineering, security, legal and leadership teams to translate complex regulatory requirements into practical, day‑to‑day processes that keep the organization audit‑ready and trustworthy.

Key responsibilities

• Own audit readiness activities, continuously collect evidence and coordinate external auditors for SOC 2, PCI DSS and ISO 27001.
• Handle external security and compliance requests, including vendor assessments, security questionnaires and RFP responses.
• Support enterprise risk and compliance programs aligned with GDPR, DORA, NIS2 and the EU AI Act.
• Maintain the policy lifecycle: updates, exception handling, violation tracking and remediation.
• Contribute to new certification efforts as business and regulatory needs evolve.
• Collaborate with engineering and security to operationalise controls, improve vulnerability management and drive security awareness.
• Ensure continuous compliance visibility through structured documentation and ongoing monitoring.

Required profile

• 3‑5 years of experience in GRC, compliance or information security governance.
• Hands‑on experience supporting external audits such as SOC 2, PCI DSS or ISO 27001.
• Familiarity with GDPR, DORA, NIS2 and emerging EU compliance standards.
• Experience managing vendor risk assessments and third‑party due diligence.
• Strong organisational skills and ability to manage multiple compliance workflows in parallel.

Required skills

• Proficiency with GRC platforms such as Vanta, Drata or OneTrust.
• Knowledge of continuous control monitoring and evidence management practices.
• Understanding of audit frameworks: SOC 2, PCI DSS, ISO 27001.
• Awareness of regulatory frameworks: GDPR, DORA, NIS2, EU AI Act.