Senior GRC Analyst

Sorry, this job was removed at 08:13 p.m. (CST) on Tuesday, Jul 08, 2025
Sofia, Sofia-grad, BGR
Hybrid
Fintech • Payments • Software • Financial Services
The Role
Who are we?
 
OpenPayd is a universal financial infrastructure that powers the growth of the digital economy. By providing seamless, API-driven access to global financial services, OpenPayd enables businesses to move and manage money globally.
 
The OpenPayd platform delivers a full suite of banking and payments services, including payment accounts, trading capabilities, international and domestic payments and Open Banking services - all accessible via a single API. With a growing network of global banking partners, OpenPayd is providing the robust banking infrastructure digital businesses need to thrive. 
 
Our Mission
 
At OpenPayd, our mission is to power the growth of the digital economy. We believe that all businesses regardless of their scale or industry should be able to leverage the best payment and banking services. We believe in providing our services through a simple, flexible and scalable platform.

About the role

The key purpose of the role is to collaborate with process owners, internal auditors, external auditors, and other stakeholders in order to assist in reviewing, monitoring, and resolving findings. This includes helping the team manage PCI DSS, ISO27001, ISO20000-1 and SOC 2 Compliance programs. By supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC2, ISO 27001, PCI, SOX, and other GRC activities, the Principal GRC Analyst will also contribute to the transformation of the company’s IT compliance program.

How will you add value to the OpenPayd journey:

  • Manage risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with NIST standards
  • Manage and support PCI DSS, ISO20000-1, SOC 2 and ISO 27001 audits
  • Promote widespread implementation of ISO 27001 and ISO20000-1 standards
  • Maintain and monitor a central repository for audit evidence
  • Inform the proper stakeholders of important concerns and hazards
  • Work together with other stakeholders to link our corporate IT, procurement, and privacy departments with GRC objectives
  • Maintain up-to-date knowledge of procedures and methods that serve to broaden team knowledge and industry expertise
  • Manage security standards, policies, and practices on an annual basis to make sure they meet corporate demands
  • Assist the department in responding to inquiries from the business units about ongoing operational compliance
  • Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements
  • Share information with managers

The ideal candidate will have the following:

  • 3+ years of direct experience in information security, with a main emphasis on risk and compliance
  • Expertise in conducting ISO 27001, ISO20000-1, PCI DSS and SOC 2 audits, as well as handling audit responses, will be considered an advantage
  • Thorough understanding of market structures, including relevant regulatory compliance requirements (ISO27001, SOC 2, ISO20000-1, PCI DSS, NIST, FedRAMP, CMMC, GDPR, etc.)
  • Knowledge of identity management standards, storage, and disaster recovery in the cloud
  • Knowledge of GRC tool techniques and best practices (OneTrust or others)
  • Proven track record of organizing and carrying out several risk and compliance projects
  • Ability to successfully manage third-party audits, compile evidence, and organize audit responses
  • Keen attention to detail
  • Effective written and verbal communication skills and the capability to communicate with cross-functional teams
  • Proven analytical and problem-solving abilities for managing initiatives that advance corporate goals
  • Bachelor’s degree in information cybersecurity, risk management, governance, or a related field
  • Strong advantage if you have: ISO 27001 Lead Auditor, CISA, CISM, or CISSP, or are working toward certification


We’d like you to read our Talent Acquisition Privacy Notice, which explains how we collect and process your personal data. Please read our notice carefully. By submitting your application, we will consider that you are aware of it.

We are looking forward to receiving your CV.

OpenPayd Talent Team

To all recruitment agencies: OpenPayd does not accept speculative agency resumes. Please do not forward resumes to our jobs alias, OpenPayd employees or any other company location. OpenPayd is not responsible for any fees related to unsolicited resumes. OpenPayd will only accept CVs from partners with a relevant agreement, via the People and Talent team.


The Company
HQ: London
153 Employees
Year Founded: 2015

What We Do

Embedded Finance for the digital economy. OpenPayd is a leading global payments and banking-as-a-service platform that provides a range of banking and payment services to both financial and non-financial institutions. Our services are underpinned by a global network of licences and are accessible through a single API. These include IBANs, open banking, e-money accounts, FX conversion, local and international payments, card processing and debit cards. We believe that all businesses - irrespective of their size or industry - should be able to access the best payment and banking services. We provide all of our services through a simple, flexible and scalable platform.
