GRC Analyst – Governance, Risk & Compliance

About the role

We are seeking a GRC Analyst to join a fast‑scaling, payments‑focused organization in Switzerland. The role sits at the core of governance, risk, and compliance operations, driving continuous compliance across multiple regulatory frameworks in a remote‑first environment.

Key responsibilities

• Own audit readiness activities, maintain continuous evidence collection, and coordinate with external auditors for SOC 2, PCI DSS, ISO 27001, and other frameworks.
• Handle external security and compliance requests, including vendor assessments, security questionnaires, and RFP responses.
• Support enterprise risk and compliance programs aligned with GDPR, DORA, NIS2, and the EU AI Act.
• Maintain the policy lifecycle: updates, exception handling, violation tracking, and remediation follow‑ups.
• Contribute to certification efforts and expand into new compliance frameworks as business needs evolve.
• Collaborate with engineering and security teams to operationalize controls, strengthen vulnerability management, and promote security awareness.
• Ensure ongoing compliance visibility through structured documentation and a continuous‑control monitoring approach.

Required profile

• 3‑5 years of experience in GRC, compliance, or information security governance.
• Hands‑on experience supporting external audits such as SOC 2, PCI DSS, ISO 27001, or equivalent.
• Familiarity with regulatory requirements including GDPR, DORA, NIS2, and emerging EU standards.
• Experience managing vendor risk assessments and third‑party due diligence.
• Strong organizational skills and the ability to manage multiple compliance workflows in parallel.

Required skills

• Proficiency with GRC platforms such as Vanta, Drata, OneTrust.
• Knowledge of compliance frameworks: SOC 2, PCI DSS, ISO 27001.
• Understanding of regulatory standards: GDPR, DORA, NIS2, EU AI Act.
• Experience with continuous control monitoring and evidence management practices.