
GRC Analyst
Posted May 22

This is a fully remote position, open to applicants in Poland.
• Oversee a year-round evidence calendar, execute ongoing control monitoring, and liaise with external auditors.
• Manage incoming security questionnaires, vendor evaluations, and RFP submissions, while maintaining a comprehensive response library.
• Facilitate risk assessments, collaborate on security awareness and training initiatives, and govern vulnerability management frameworks.
• Uphold policies, handle exceptions, monitor compliance violations, and ensure effective remediation follow-up.
• Spearhead future certification initiatives, including ISO 27001, and assist in the operationalization of new regulatory standards.
• 3–5 years of experience in a GRC, compliance, or information security governance position.
• Practical experience coordinating external audits (SOC 2, PCI DSS, ISO 27001, or equivalent).
• Knowledge of EU regulatory frameworks such as GDPR, DORA, NIS2, and the EU AI Act.
• Proven experience managing vendor risk assessments and conducting third-party due diligence.
• History of maintaining evidence and controls on a continuous basis rather than solely on an annual schedule.
• Strong organizational abilities.
• Effective communicator capable of working with engineering, legal, and leadership teams.
• Comfortable using compliance tools and GRC platforms (e.g., Vanta, Drata, OneTrust, or similar).
• Detail-oriented with a preference for proactive, systematic work over reactive problem-solving.
• Able to work independently while recognizing when to involve subject-matter experts.
• Familiarity with IAM processes and access review cycles (Nice to Have).
• Relevant certifications (CISA, CRISC, ISO 27001 Lead Implementer, or equivalent; Nice to Have).
• Experience in a payments, fintech, or regulated technology setting, especially with PCI DSS compliance (Nice to Have).
• We are fully remote and globally distributed, having operated this way since our inception.
• Competitive share options.
• Uncapped vacation time, with a minimum of 25 days required to be taken.
• Access to co-working spaces.
• Opportunities for workations and company retreats.
• Provision of top-tier equipment for your role.
• £500 contribution towards your home office setup.
• Generous budget for learning and development.
• Private Medical Insurance.
• A wide range of additional perks and benefits (*depending on location).