GRC Specialist

Posted 3 Days Ago
Kraków, Małopolskie, POL
Hybrid
Mid level
Fintech • Payments • Financial Services
The Role
The GRC Specialist will lead information security compliance programs, manage SOC 2 audits, implement ISO 27001, perform risk assessments, develop policies, and ensure cross-functional collaboration for security compliance.
Summary Generated by Built In
Description

Papaya Global is a rapidly growing, award-winning B2B tech unicorn with an ambitious mission to revolutionize the payroll & payments industry. With over $400M raised from multiple tier-one investors, our innovative technology provides a comprehensive solution for managing global workforces, encompassing everything from hiring and onboarding to managing and paying employees in over 160 countries. 

We are seeking a GRC Specialist to join the Security group, reporting to the GRC Manager. We are looking for an independent, responsible team player and quick learner who wants to work in a challenging and dynamic environment.

You will:

  • Lead and manage information security compliance programs, including SOC 2 Type I/II and ISO 27001 audits, certifications, and ongoing compliance activities.
  • Support the implementation and maintenance of DORA (Digital Operational Resilience Act) compliance requirements across the organization.
  • Own the end-to-end process of responding to customer security questionnaires, RFPs, and third-party due diligence requests.
  • Conduct risk assessments and help develop risk treatment plans to address identified gaps.
  • Develop, review, and maintain information security policies, standards, procedures, and guidelines.
  • Perform internal audits and gap analyses against regulatory frameworks and industry best practices.
  • Collaborate with cross-functional teams (R&D, IT, Legal, Sales) to embed security and compliance practices across the organization.
  • Monitor and track the remediation of identified risks and compliance gaps.
  • Support vendor and third-party risk management processes, including periodic risk assessments and ongoing monitoring.
  • Leverage AI-enabled tools to streamline compliance workflows, including analysis of security controls, drafting and refinement of compliance documentation, and support in audit preparation and evidence collection.
  • Use AI-assisted capabilities to improve efficiency and accuracy in responding to security questionnaires, risk assessments, and regulatory documentation while maintaining strict compliance and traceability standards.
  • Apply AI tools to support knowledge management, policy drafting, and cross-framework mapping (SOC 2, ISO 27001, DORA) in a controlled and auditable manner.

  

Requirements
  • 4+ years of hands-on experience in GRC, information security compliance, or a related field.
  • Proven experience managing SOC 2 Type I/II audits and certification processes.
  • Hands-on experience with ISO 27001 implementation and/or certification audits.
  • Familiarity with DORA (Digital Operational Resilience Act) requirements and their practical application.
  • Experience handling customer security questionnaires and due diligence requests – Must.
  • Strong knowledge of information security risk management methodologies and frameworks.
  • Experience working with cross-functional stakeholders and translating compliance requirements into actionable steps.
  • Highly proficient in spoken and written English.
  • Team player, detail-oriented, with strong organizational and communication skills – Must.
  • Experience in a SaaS or B2B tech company – Advantage.
  • Degree in Information Technology / Information Systems / Computer Science – Advantage.
  • Demonstrated ability to effectively leverage AI tools to support compliance operations, including documentation, audit preparation, risk analysis, questionnaire handling, and policy development workflows.
  • Practical experience using AI-assisted tools to enhance accuracy, efficiency, and consistency in governance, risk, and compliance processes while ensuring adherence to regulatory and audit requirements.


The Company
Austin, Texas
807 Employees
Year Founded: 2016

What We Do

Imagine controlling all your global payroll and payments from a single place, supported by certified experts who keep you compliant in every country, even when laws change. No more juggling third parties. No more foreign bank accounts. No more repetitive manual work. Finally, there’s one platform that gives you total control of your global operations, from creating local contracts automatically to paying workers in the local currency of 160+ countries. It’s called Papaya Global, and we’d love to show it to you. Papaya Global: How the world gets paid
