Security GRC Analyst

About CloudWalk: We are not just another fintech unicorn. We are a pack of dreamers, makers, and tech enthusiasts building the future of payments. With millions of customers and a hunger for innovation, we're now expanding our neural network - literally and metaphorically. About the Role CloudWalk is seeking a Security GRC Analyst with experience in risk management, compliance, and audit readiness to join our fast-paced Compliance team. We’re not looking for a traditional compliance profile — this is a role for someone who wants to bring GRC into the future: automated, integrated, product-aware, and deeply aligned with how modern technology companies operate. You’ll help us operate and improve our compliance stack (e.g. PCI, SOC 1 and 2, BCB 85/21), manage risks, and contribute to evolving our security bots and agents that power GRC at scale. At CloudWalk, we build secure systems without slowing things down. GRC is not a blocker — it’s a platform for trust and scale. You'll join a collaborative team that values curiosity, autonomy, and clean execution. If you want to leave behind the checklist-driven mindset and move toward real GRC-as-code, this is your place. What You'll Do

Own the operation of our GRC platform and ensure evidence, controls, and risks are tracked and updated

Support internal and external audits (PCI, SOC 1 and 2, BCB 85/21), control testing, and remediation tracking

Map risks, define controls, and partner with teams across Cybersecurity, Engineering, Product, and Legal

Participate in the evolution of our automated bots that streamline GRC

Explore opportunities to automate and integrate GRC workflows using APIs, scripts, or AI tools

What You'll Need to Succeed

Previous experience in Security GRC, audit, or risk management

Understanding of frameworks such as PCI DSS, PCI PIN, PCI SSF, PCI MPoC, SOC 1 and 2, ISO 27001, and BCB Resolution 85/21

Excellent communication and documentation skills

Analytical thinking and structured problem-solving

Eagerness to learn about cloud security, automation, and AI-powered bots

Nice to Have

Familiarity with cloud-native environments

Scripting (Python, Go, or Typescript),

API-based integrations

Security automation tools

Model Context Protocol (MCP)

LLM-based systems