GRC Analyst

Concord Servicing is a leading loan-servicing company with more than three decades of experience delivering high-quality solutions for originators, lenders, and capital providers across consumer and commercial markets. In June 2025, we welcomed Orion First, a market-leading third-party servicer specializing in commercial loan and lease portfolios, to the Concord family. This integration positions us to offer a full-scope servicing platform: from consumer to commercial, from origination through payments, collections, data analytics, backup servicing, and business intelligence.

We exist to deliver exceptional servicing outcomes for our clients and borrowers by combining deep domain expertise, robust technology platforms, and a steadfast focus on compliance, risk management, and client service. With this expanded platform, we aim to be the go-to partner across the credit lifecycle for both consumer-finance and commercial/lease portfolios.

Concord is seeking an enthusiastic and detail-oriented GRC Analyst to join our Information Security team. This role is an excellent opportunity for someone looking to build a strong foundation in governance, risk, and compliance (GRC) within a fast-paced and supportive environment.

This role will assist in the maintenance of policies and procedures, support the collection and organization of audit evidence across multiple compliance frameworks, and contribute to efforts that modernize and automate GRC processes.

This is a full-time, in-person role based in Mexico City, Mexico. The role reports directly to the Chief Information Security Officer (CISO). The candidate will be expected to work closely with cross-functional teams and grow their responsibilities over time as they develop within the program.

Key Responsibilities:

• Policies & Procedures: Assist in the maintenance and updating of Information Security policies and procedures, including version control and supporting organization-wide awareness efforts
• Audit Evidence Collection: Support the gathering and organization of audit evidence across compliance frameworks including PCI DSS, SOC 1, SOC 2, and HIPAA
• GRC Automation: Assist in identifying manual or repetitive GRC processes and contribute to automation efforts leveraging AI-powered tools, scripting languages, and workflow automation platforms
• Documentation: Help document workflows, processes, and procedural guides across GRC functions to ensure consistency, clarity, and accessibility for internal reviews, external audits, and day-to-day operations
• Compliance Monitoring: Develop awareness of applicable regulatory frameworks (PCI DSS, SOC, HIPAA, and others) and assist in tracking relevant changes
• Cross-Functional Collaboration: Work alongside IT, Legal, Operations, and business unit teams to support compliance practices across the organization
• Metrics & Reporting: Assist in maintaining GRC dashboards and contribute to compliance status reports

• Foundational understanding of GRC, Information Security, compliance, or a related field, including a basic understanding of Risk Management concepts
• Familiar with regulatory and compliance frameworks within the United States of America (PCI, SOC, and HIPAA are preferred)
• Excellent written and verbal communication skills in English and Spanish
• Strong attention to detail, organizational skills, and the ability to prioritize tasks appropriately
• Willingness to learn and grow within a structured compliance environment
• Collaborative mindset with the ability to work effectively across teams and levels of the organization

• Grocery Vouchers
• Internet Bonus
• Medical Insurance
• Life Insurance
• Dental Insurance
• Law Benefits