GRC Analyst

Overview

Accountabilities

• Own and manage audit readiness activities, including maintaining continuous evidence collection, control monitoring, and coordination with external auditors for frameworks such as SOC 2, PCI DSS, and ISO 27001.
• Handle external security and compliance requests, including vendor assessments, security questionnaires, and RFP responses, ensuring accuracy, consistency, and timely delivery.
• Support and coordinate enterprise risk and compliance programs aligned with regulations such as GDPR, DORA, NIS2, and the EU AI Act.
• Maintain and govern the policy lifecycle, including policy updates, exception handling, violation tracking, and remediation follow-ups.
• Contribute to certification efforts and support expansion into new compliance frameworks as business and regulatory needs evolve.
• Collaborate with engineering and security teams to operationalize controls, strengthen vulnerability management processes, and support security awareness initiatives.
• Ensure ongoing compliance visibility by maintaining structured documentation and reinforcing a continuous compliance approach rather than point-in-time audits.

Requirements

• 3-5 years of experience in GRC, compliance, information security governance, or a related field.
• Hands-on experience supporting external audits such as SOC 2, PCI DSS, ISO 27001, or equivalent frameworks.
• Familiarity with regulatory requirements including GDPR, DORA, NIS2, and ideally emerging EU compliance standards.
• Experience managing vendor risk assessments, third-party due diligence, and external security reviews.
• Strong understanding of continuous control monitoring and evidence management practices.
• Proficiency with GRC and compliance platforms such as Vanta, Drata, OneTrust, or similar tools.
• Excellent organizational skills with the ability to manage multiple compliance workflows in parallel.
• Strong communication skills, with the ability to work effectively across technical, legal, and business stakeholders.
• Detail-oriented mindset with a proactive approach to identifying and resolving compliance gaps.
• Ability to work independently in a remote-first, fast-moving, and ambiguity-rich environment.
• Nice to have: familiarity with IAM processes and access reviews, certifications such as CISA, CRISC, or ISO 27001 Lead Implementer, and experience in fintech or payments environments with PCI DSS exposure.

Benefits

• Fully remote and globally distributed work environment.
• Competitive compensation and equity/share options (where applicable).
• Flexible time off with generous minimum holiday allowance.
• Home office setup support and access to co-working spaces.
• Private medical insurance and health-related benefits (depending on location).
• Learning and development budget to support continuous growth.
• Annual company retreats, workations, and global team gatherings.
• High-quality equipment provided for your role.
• Additional region-specific perks and benefits.

How Jobgether Works

Data Privacy Notice