GRC Analyst

About the role

We are seeking a Governance, Risk & Compliance (GRC) Analyst to join a fast‑scaling, payments‑focused organization in France. The role is central to maintaining continuous compliance across multiple regulatory frameworks and works closely with engineering, security, legal, and leadership teams.

Key responsibilities

• Own audit readiness activities, collect continuous evidence, monitor controls, and coordinate with external auditors for SOC 2, PCI DSS, ISO 27001, etc.
• Handle external security and compliance requests, including vendor assessments, security questionnaires, and RFP responses.
• Support enterprise risk and compliance programs aligned with GDPR, DORA, NIS2, EU AI Act, and emerging EU standards.
• Maintain the policy lifecycle: updates, exception handling, violation tracking, and remediation follow‑ups.
• Contribute to certification efforts and expand into new compliance frameworks as business needs evolve.
• Collaborate with engineering and security teams to operationalize controls, strengthen vulnerability management, and drive security awareness.
• Ensure ongoing compliance visibility through structured documentation and a continuous‑compliance approach.

Required profile

• 3‑5 years of experience in GRC, compliance, or information security governance.
• Hands‑on experience supporting external audits such as SOC 2, PCI DSS, ISO 27001, or equivalent.
• Familiarity with regulatory requirements including GDPR, DORA, NIS2, and emerging EU standards.
• Experience managing vendor risk assessments and third‑party due diligence.
• Strong understanding of continuous control monitoring and evidence management practices.
• Excellent organizational and communication skills, able to work across technical, legal, and business stakeholders.

Required skills

• Proficiency with GRC and compliance platforms such as Vanta, Drata, OneTrust, or similar tools.