
Senior GRC Analyst
Hybrid
Full Time
#Technology
#Information Security
#Risk Assessment
#Compliance
#ISO 27001
#PCI DSS
#SOC 2
#GRC
#Audit Management
#NIST
#Identity Management
#Cloud
At OpenPayd, we are building the universal financial infrastructure that fuels the digital economy. We provide businesses with seamless, API-driven access to a full suite of banking and payment services, including accounts, international transfers, and Open Banking. Our mission is to ensure that companies of all sizes can scale their operations using our flexible, robust platform. We are currently looking for a Senior GRC Analyst to join our team in Bulgaria and help us shape the future of our IT compliance program.
The opportunity
As a Senior GRC Analyst, you will play a vital role in our security and compliance landscape. You will work closely with process owners, internal and external auditors, and various stakeholders to monitor, review, and resolve findings. Your primary focus will be managing our PCI DSS, ISO 27001, ISO 20000-1, and SOC 2 compliance programs. You will be instrumental in transforming our IT compliance framework by managing the full lifecycle of audits and ensuring we remain aligned with both existing and emerging regulatory standards.
A day in the life
- Lead risk and vulnerability assessments, validation testing, and compliance reviews while ensuring all activities align with NIST standards.
- Coordinate and support complex audits, including PCI DSS, ISO 27001, and SOC 2, while maintaining a centralized repository for all audit evidence.
- Collaborate across departments, including procurement, IT, and privacy, to integrate GRC objectives into our broader corporate strategy and provide actionable guidance on process enhancements.
Who you are
You are a detail-oriented professional with at least 3 years of experience in information security, specifically within risk and compliance. You possess a strong analytical mindset and the ability to manage multiple projects simultaneously. Your background includes:
- A solid grasp of market structures and regulatory requirements such as ISO 27001, SOC 2, PCI DSS, and NIST.
- Technical knowledge of cloud-based identity management, storage, and disaster recovery.
- Experience using GRC tools to streamline processes and track compliance efforts.
- Excellent communication skills, allowing you to bridge the gap between technical teams and business stakeholders.
- A Bachelor’s degree in cybersecurity, risk management, or a related field.
- Professional certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Auditor are highly valued.
Why you'll love it here
We are committed to fostering a supportive and flexible environment for our team members. You will benefit from our hybrid work policy, which offers the balance needed to thrive both personally and professionally while contributing to our mission of powering the global digital economy.








