Senior GRC Analyst

Who are we?   OpenPayd is a leading global payments and banking-as-a-service platform for the digital economy. Through its API-driven technology, businesses can embed financial services into their products and create the seamless user experiences needed to drive business growth.    OpenPayd’s platform removes the need to contract with multiple providers for different services and across different markets. Instead, businesses can access accounts, FX, international and domestic payments, and Open Banking services globally via a single API integration.  OpenPayd is committed to providing businesses with a fully compliant solution across all markets, leaving your business to focus on growth.    Our Mission   Our mission is to ‘To open up banking and payments for business globally, through a modular platform’. We believe that all businesses regardless of their scale or industry should be able to leverage the best payment and banking services. We believe in providing our services through a simple, flexible, and scalable platform. About the role The key purpose of the role is to collaborate with process owners, internal auditors, external auditors, and other stakeholders in order to assist in reviewing, monitoring, and resolving findings. This includes helping the team manage PCI DSS, ISO27001, ISO20000-1 and SOC 2 Compliance programs. By supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC2, ISO 27001, PCI, SOX, and other GRC activities, the Principal GRC Analyst will also contribute to the transformation of the company’s IT compliance program. How will you add value to the OpenPayd journey:

Manage risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with NIST standards

Manage and support PCIDSS, ISO20000-1, SOC 2 and ISO 27001 audits

Promote widespread implementation of ISO 27001 and ISO20000-1 standards

Maintain and monitor a central repository for audit evidence

Inform the proper stakeholders of important concerns and hazards

Work together with other stakeholders to link our corporate IT, procurement, and privacy departments with GRC objectives

Maintain up-to-date knowledge of procedures and methods that serve to broaden team knowledge and industry expertise

Manage security standards, policies, and practices on an annual basis to make sure they meet corporate demands

Assist the department in responding to inquiries from the business units about ongoing operational compliance

Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements

Share information with managers

The ideal candidate will have the following:

3+ years of direct experience in information security, with a main emphasis on risk and compliance

Expertise conducting ISO 27001, ISO20000-1, PCI DSS and SOC 2 audits, as well as handling audit responses will be considered an advantage

Thorough understanding of market structures, including relevant regulatory compliance requirements (ISO27001, SOC 2 , SO20000-1, PCI DSS, NIST, FedRamp, CMMC, GDPR, etc.)

Knowledge of identity management standards, storage, and disaster recovery in the cloud

Knowledge of GRC tool techniques and best practices (OneTrust or others)

Proven track record of organizing and carrying out several risk and compliance projects

Ability to successfully manage third-party audits, compile evidence, and organize audit responses

Keen attention to detail

Effective written and verbal communication skills and the capability to communicate with cross-functional teams

Proven analytical and problem-solving abilities for managing initiatives that advance corporate goals

Bachelor’s degree in information cybersecurity, risk management, governance, or a related field

Strong advantage if you have: ISO 27001 Lead Auditor, CISA, CISM, or CISSP, or are working toward certification