Key Facts

Remote From:

Europe

Full time

Mid-level (2-5 years)

6 - 27K yearly

English

Hard Skills

Other Skills

•
Non-Verbal Communication
•
Collaboration
•
Resourcefulness
•
Team Oriented
•
Self-Motivation

Roles & Responsibilities

Bachelor's degree in IT, Cybersecurity, Business, or equivalent experience
3-5 years of experience in GRC, IT Audit, or third-party risk management (TPRM) roles
Familiarity with at least two cybersecurity frameworks/regulations (ISO 27001, PCI-DSS, SOC 2 Type II, NIST CSF, and/or DORA)
Experience drafting and revising global cybersecurity policies and standards

Requirements:

Manage end-to-end vendor risk assessment lifecycle, reviewing due diligence packages (SOC 2 Type II, ISO 27001, questionnaires, and penetration test summaries) to validate vendor security controls against Paysend Supplier Security Policy
Maintain the Vendor Inventory and Risk Register and conduct periodic reassessments of critical vendors, ensuring ongoing compliance with DORA requirements for ICT service providers
Collect and validate audit evidence from stakeholders, map to controls (NIST 800-53, ISO 27001), support internal mock audits, document findings, and drive remediation with control owners
Assist with the development and annual review of policies, standards, procedures, guidelines; maintain Security Confluence pages; support design and execution of employee GRC/compliance training; respond to customer security questionnaires, RFPs, and inquiries; and support Paysend DORA compliance

Paysend

Financial Services

About Paysend

At Paysend, we're on a mission to deliver the World's Simplest Money Transfer. Paysend is a next-generation integrated global payment ecosystem, enabling consumers and businesses to pay and send money online anywhere, anyhow and in any currency. Paysend is UK-based and has global reach having been created in April 2017 with the clear mission to change how money is moved around the world. Paysend currently supports cross-network operability globally across Mastercard, Visa, China UnionPay and local ACH and payment schemes, providing over 40 payment methods for online SMEs. Paysend can send money to over 170 countries worldwide and has attracted more than six million consumers to its platform. As a global end-to-end payment platform, Paysend has a global network of banks and international and local payment systems and has partnerships with the major international card networks Visa, Mastercard and China Union Pay as a principal members and certified processors. Paysend: Simple Money Transfer Download the Paysend app from the App Store or Google Play.

Industry: Financial Services

Founded: 2018

Company size: 201 - 500

Website LinkedIn See all jobs →

Job description

About The Role:

Reporting to the Security GRC Lead, we are seeking a detail-oriented Information Security GRC Analyst to join our security team and help support and operationalize Governance, Risk, and Compliance processes. In this role, you will be the guardian of our digital supply chain, responsible for evaluating the security posture of our third-party vendors and partners. You will be a risk advisor, helping the business make informed decisions about who we trust with our data. Additionally, you will play a key role in our internal compliance programs, helping us prepare for audits (SOC 2, ISO 27001, PCI DSS, etc.) and driving the remediation of security gaps.

What You'll Do (Responsibilities):

You should be enthusiastic about:

Security risk and controls management alongside a team of outstanding colleagues in the FinTech industry sector
Thriving and growing in a fast-paced FinTech environment and being able to pivot priorities to adapt
quickly to a constantly evolving & demanding Security GRC landscape
Staying up-to-date on current emerging cybersecurity trends

As a Security GRC Analyst, you will be responsible for:

Supplier Due Diligence: Manage the end-to-end vendor risk assessment lifecycle. Review "due
diligence packages" including SOC 2 Type 2 reports, ISO 27001 certificates, questionnaires, and
penetration test summaries to validate vendor security controls against Paysend Supplier Security Policy.
Continuous Monitoring: Maintain the organization’s Vendor Inventory and Risk Register.
Conduct periodic reassessments of critical vendors to ensure ongoing compliance, particularly
in alignment with DORA requirements for ICT service providers.
Evidence Collection: Assist with audit activities by collecting and validating evidence from
stakeholders (IT, HR, Engineering). Ensure evidence is accurate, complete, and mapped to the
relevant controls (e.g., NIST 800-53, ISO 27001).
Support periodic internal reviews (mock audits) to identify non-compliance issues. Document
findings and work with control owners to implement remediation solutions.
Assist with the development and annual review of policies, standards, procedures, and
guidelines.
Maintain Security Confluence pages and ensure they are kept up to date with relevant
information
Assist with the design and operational execution of employee training curricula required for
GRC/compliance requirements
Support the response to customer security questionnaires, RFPs, and inquiries about our
Security & Compliance program.
Support ongoing activities related to Paysend DORA compliance.

What You’ll Need To Be Successful In This Role:

Bachelor's degree in IT, Cybersecurity, Business, or equivalent experience.
3-5 years working in GRC, IT Audit, or TPRM roles.
Familiarity with at least two of the following cybersecurity frameworks or regulations including:
ISO 27001, PCI-DSS, SOC 2 Type II, NIST CSF and/or DORA.
Experience drafting and revising global cybersecurity policies and standards.
Team player and motivated self-starter who is resourceful and has the ability to work
collaboratively with multiple stakeholders across different products, business lines, and regions
Excellent written communication skills with the ability to document, communicate, and report
on cybersecurity risks as well as the status of the implementation and effectiveness of
cybersecurity controls with product and business leaders
Excellent verbal communication skills with the ability to translate complex technical concepts
into business language
Excellent command of the English language (written and spoken)

Nice To Have:

Basic understanding of cloud infrastructure (AWS/Azure) to better evaluate cloud vendors.
Hands-on experience configuring workflows in ServiceNow Vendor Risk Management, Vanta,
Drata, or OneTrust.

Why Join Paysend?

Make a Global Impact: Directly impact millions of users worldwide
Accelerate Your Career: Benefit from internal mobility, mentoring programs, and continuous learning opportunities
Thrive in a Connected, Global Organization: Collaborate with colleagues across our international hubs and more
Embrace a Principle-Driven & Focused Culture: Work in an organization guided by strong principles and values that actually help you achieve more than you thought possible
Enjoy Competitive Compensation and Benefits: Receive a competitive salary, benefits, and flexible work arrangements