Junior GRC/Compliance Analyst (Fintech)
Job description
TL;DR
Junior GRC/Compliance Analyst (Fintech): Supporting the third-party risk management (TPRM) program for a global payables automation platform, with an emphasis on vendor risk assessments and compliance monitoring. Focus on conducting security questionnaires, reviewing SOC 2 reports, and operationalizing GRC workflows within the Drata platform.
Location: Hybrid in Tbilisi, Georgia
Company
A well-funded fintech unicorn operating a cloud-based global payables automation platform for streamlining supplier payments and AP operations.
What you will do
- Conduct vendor onboarding risk assessments, including security questionnaires and due diligence reviews.
- Maintain and update the vendor risk register and assessment pipeline.
- Review vendor SOC 2 reports, security documentation, and industry certifications.
- Track vendor risk findings and coordinate remediation commitments.
- Collaborate with Procurement, Legal, and IT stakeholders on vendor reviews.
- Manage assessments and workflows within the Drata GRC platform.
Requirements
- Basic understanding of information security concepts (CIA triad, access control, data classification).
- Familiarity with compliance frameworks such as ISO 27001 and SOC 2.
- Strong organizational and communication skills with a structured thinking approach.
- Ability to read and interpret technical vendor security documentation.
- Location: Must be based in Tbilisi, Georgia.
Nice to have
- Experience with GRC tools such as Drata or Vendict.
- Basic knowledge of data privacy regulations including GDPR and CCPA.
- Progress toward security certifications like CompTIA Security+ or ISO 27001 Foundation.
Culture & Benefits
- Opportunity to work within a high-growth fintech unicorn.
- Hands-on experience with the end-to-end TPRM lifecycle.
- Exposure to global compliance standards and operational controls.
- Dynamic environment with significant opportunities to make a tangible impact.