GRC Analyst
Primer.io (FinTech)
Poland, Full-Time, Middle
Salary not disclosed
Job Details
- Experience: 3–5 years
- Required Skills: Compliance
Requirements
- 3–5 years in a GRC, compliance, or information security governance role
- Hands-on experience coordinating external audits (SOC 2, PCI DSS, ISO 27001, or similar)
- Familiarity with EU regulatory frameworks such as GDPR, DORA, NIS2, and the EU AI Act
- Experience managing vendor risk assessments and third-party due diligence
- Track record of maintaining evidence and controls on a continuous basis
- Strong organisational skills
- Clear, concise communicator who can work across engineering, legal, and leadership teams
- Comfortable working with compliance tooling and GRC platforms (e.g., Vanta, Drata, OneTrust, or similar)
- Detail-oriented with a bias for proactive, systematic work over reactive cleanup
- Able to operate independently while knowing when to pull in subject-matter experts
Responsibilities
- Maintain a year-round evidence calendar, run continuous control monitoring, and coordinate with external auditors.
- Own inbound security questionnaires, vendor assessments, and RFP responses.
- Maintain a response library to quickly and consistently handle security questionnaires and vendor assessments.
- Coordinate risk assessments, partner on security awareness and training programs, and govern vulnerability management processes.
- Help stay ahead of evolving requirements for PCI DSS, DORA, NIS2, and the EU AI Act.
- Maintain policies, manage exceptions, monitor for violations, and drive remediation follow-through.
- Be the single point of accountability for keeping the policy framework current and enforceable.
- Drive future certification efforts, including ISO 27001.
- Support the operationalisation of new regulatory frameworks as they come into scope.