Papaya Global is a rapidly growing, award-winning B2B tech unicorn with an ambitious mission to revolutionize the payroll & payments industry. With over $400M raised from multiple tier-one investors, our innovative technology provides a comprehensive solution for managing global workforces, encompassing everything from hiring and onboarding to managing and paying employees in over 160 countries.
We are seeking GRC Specialist to join the Security group, reporting to the GRC Manager. We are looking for a team player, independent and responsible person, quick learner, who wants to work in a challenging and dynamic environment.
You will
- Lead and manage information security compliance programs, including SOC 2 Type I/II and ISO 27001 audits, certifications, and ongoing compliance activities
- Support the implementation and maintenance of DORA (Digital Operational Resilience Act) compliance requirements across the organization
- Own the end-to-end process of responding to customer security questionnaires, RFPs, and third-party due diligence requests
- Conduct risk assessments and help develop risk treatment plans to address identified gaps
- Develop, review, and maintain information security policies, standards, procedures, and guidelines
- Perform internal audits and gap analyses against regulatory frameworks and industry best practices
- Collaborate with cross-functional teams (R&D, IT, Legal, Sales) to embed security and compliance practices across the organization
- Monitor and track the remediation of identified risks and compliance gaps
- Support vendor and third-party risk management processes, including periodic risk assessments and ongoing monitoring
Requirements
- 4+ years of hands-on experience in GRC, information security compliance, or a related field
- Proven experience managing SOC 2 Type I/II audits and certification processes
- Hands-on experience with ISO 27001 implementation and/or certification audits
- Familiarity with DORA (Digital Operational Resilience Act) requirements and their practical application
- Experience handling customer security questionnaires and due diligence requests – Must
- Strong knowledge of information security risk management methodologies and frameworks
- Experience working with cross-functional stakeholders and translating compliance requirements into actionable steps
- Highly proficient in spoken and written English
- Team player, detail-oriented, with strong organizational and communication skills – Must
- Experience in a SaaS or B2B tech company – Advantage
- Degree in Information Technology / Information Systems / Computer Science – Advantage
Skills Required
- 4+ years of hands-on experience in GRC, information security compliance, or a related field
- Proven experience managing SOC 2 Type I/II audits and certification processes
- Hands-on experience with ISO 27001 implementation and/or certification audits
- Familiarity with DORA requirements and their practical application
- Experience handling customer security questionnaires and due diligence requests
- Strong knowledge of information security risk management methodologies and frameworks
- Experience working with cross-functional stakeholders
- Highly proficient in spoken and written English
- Team player, detail-oriented, with strong organizational and communication skills
- Experience in a SaaS or B2B tech company
- Degree in Information Technology / Information Systems / Computer Science
What We Do
Imagine controlling all your global payroll and payments from a single place, supported by certified experts who keep you compliant in every country, even when laws change. No more juggling third parties. No more foreign bank accounts. No more repetitive manual work. Finally, there’s one platform that gives you total control of your global operations, from creating local contracts automatically to paying workers in the local currency of 160+ countries. It’s called Papaya Global, and we’d love to show it to you. Papaya Global: How the world gets paid
