Technology Compliance & Risk Analyst (GRC)

Posted 9 Hours Ago
Be an Early Applicant
6 Locations
Remote
Mid level
Software
The Role
Own the vendor and third‑party risk lifecycle and support the GRC programme across ISMS, privacy, and compliance. Duties include vendor due diligence, security questionnaires, risk ratings, contractual safeguards, supplier assurance, ISO-aligned risk assessments, RoPA/DPIA support, audit readiness, and governance reporting.
Summary Generated by Built In

About Patrianna

Patrianna is a fast-scaling product development company headquartered in Gibraltar, with a dynamic, global team powering our growth. We operate at the intersection of technology and entertainment, building innovative solutions that shape the future of social gaming and deliver outstanding experiences to millions of players worldwide.

We're driven by speed, ambition, and bold ideas. At our core, we're product creators and problem-solvers who thrive in a high-performance environment. We're looking for exceptional talent—smart, adaptable, and motivated individuals eager to make an impact, scale business functions at pace, and continuously improve.

Whether you're a domain expert or an agile thinker who thrives in change, at Patrianna you'll have the freedom to innovate, take ownership, and help us lead the next wave of gaming innovation. Join us—and be part of something extraordinary.

The Role

Own the vendor and third-party risk lifecycle for a fast-scaling tech company, while supporting the wider GRC programme across ISMS, privacy, and compliance.

What you will be doing
  • Third-Party Risk (Champion) — Own the full vendor risk lifecycle: due diligence, security questionnaires, risk rating, contractual safeguards (DPAs, security schedules), and ongoing monitoring. Maintain the supplier register and drive reassessment cadence based on criticality.

  • Supplier Assurance — Track fourth-party dependencies and concentration risk across critical suppliers, aligning oversight with DORA ICT third-party requirements and ISO 27001 supplier controls.

  • ISMS & Audit Readiness — Support policy maintenance, control mapping, and evidence collection to keep the Statement of Applicability (SoA) current and audit-ready across the entities and clients you cover.

  • Risk Management & RCSA — Execute risk assessments using an ISO 31000-aligned methodology and contribute to Risk & Control Self-Assessment workshops and remediation tracking.

  • Privacy Operations — Support RoPA maintenance, DPIAs, and data subject requests — with a focus on processor and controller arrangements with vendors and group entities.

  • Governance Reporting — Prepare third-party risk materials for governance committees and keep registers accurate, visible, and current.

What we are looking for
  • Solid GRC grounding — A proven track record in GRC, IT audit, vendor risk, or information security, with hands-on third-party/supplier risk responsibility.

  • Third-party risk proficiency — Practical experience running vendor due diligence, security questionnaires (SIG, CAIQ, or equivalent), and contractual risk review.

  • Framework knowledge — Working knowledge of ISO/IEC 27001:2022 supplier controls, ISO 31000, and GDPR processor obligations; familiarity with DORA third-party requirements is a plus.

  • Independent thinker — You go beyond the checklist — you understand the why behind a control, spot gaps, and propose improvements without being prompted.

  • Pragmatic compliance mindset — You see GRC as a business enabler, not a blocker, and know how to balance rigor with momentum.

  • Clear communicator — Precise, confident writing across questionnaires, risk memos, and supplier-facing responses that need minimal oversight.

Why you will love it

At Patrianna, GRC isn't a back-office function — it's central to how we scale responsibly. You'll take real ownership of a critical domain, work alongside infrastructure, security, procurement, and product teams, and see the direct impact of your work on how the business grows and operates.

You'll have the autonomy to shape how third-party risk is managed at a company moving fast, with the support of a GRC & Assurance Manager who values initiative and independent thinking. If you want a role where you can build something meaningful — not just maintain it — this is it.

Nice to haves: Experience in iGaming, fintech, or other regulated sectors; exposure to TPRM/GRC platforms (OneTrust, ProcessUnity, Whistic, CISO Assistant); certifications such as ISO 27001 Lead Implementer/Auditor, CTPRP, CIPP/E, CISA, or CRISC; and familiarity with SOC 2 Type II or PCI-DSS supplier scoping.

Equal Opportunities Statement

We hire based on skills, drive, and ideas—nothing else. Your background, gender, age, race, ethnicity, disability, sexual orientation, religion, neurodiversity, or educational path will never be a barrier to joining us. We also welcome candidates from non-traditional career journeys and value diverse perspectives that challenge conventional thinking.

Diversity fuels our innovation, collaboration, and growth, and we're committed to creating an environment where everyone can contribute their best work and thrive.

Skills Required

  • Proven track record in GRC, IT audit, vendor risk, or information security with hands-on third-party/supplier risk responsibility
  • Practical experience running vendor due diligence and security questionnaires (SIG, CAIQ, or equivalent)
  • Experience with supplier contractual safeguards (DPAs, security schedules) and contractual risk review
  • Working knowledge of ISO/IEC 27001:2022 supplier controls, ISO 31000, and GDPR processor obligations
  • Experience supporting ISMS activities, control mapping, evidence collection, and audit readiness
  • Ability to execute risk assessments and participate in RCSA workshops and remediation tracking
  • Support privacy operations including RoPA maintenance, DPIAs, and data subject requests related to vendors
  • Strong written communication for questionnaires, risk memos, and supplier-facing responses
  • Independent thinker who can identify gaps and propose improvements
  • Pragmatic compliance mindset balancing rigor with business momentum
  • Experience in iGaming, fintech, or other regulated sectors
  • Exposure to TPRM/GRC platforms (OneTrust, ProcessUnity, Whistic, CISO Assistant)
  • Certifications such as ISO 27001 Lead Implementer/Auditor, CTPRP, CIPP/E, CISA, or CRISC
  • Familiarity with SOC 2 Type II or PCI-DSS supplier scoping
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Gibraltar
294 Employees
Year Founded: 2011

What We Do

Patrianna is a super fast-growing product development company headquartered in Gibraltar with colleagues around the world. We are looking for exceptional, smart talent striving to be number one. Motivated and capable of scaling up business functions at pace through domain expertise and a desire to continuously improve.

Similar Jobs

Remote
26 Locations
393 Employees
179K-179K Annually
In-Office or Remote
2 Locations
125 Employees
25K-65K Annually

Apex Group Logo Apex Group

Specialist Transaction Monitoring

Fintech • Payments • Financial Services
Remote
Mriehel, Birkirkara, MLT
7423 Employees

Nivoda Logo Nivoda

Business Development Manager

Marketing Tech • Retail
In-Office or Remote
9 Locations
366 Employees

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account