Company hidden
14 hours ago

Security GRC Analyst (Fintech)

Work format
remote (Brazil only)
Employment type
fulltime
English
b2
Country
Brazil
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

Security GRC Analyst (Cybersecurity/Fintech): Managing risk, compliance, and audit readiness for a payment platform with an emphasis on automation and GRC-as-code. Focus on operating the GRC platform, streamlining controls through AI-powered bots, and ensuring compliance with PCI and SOC standards.

Location: Remote (São Paulo, Brazil)

Company

A fintech unicorn building the future of payments with a focus on innovation and AI-driven systems.

What you will do

  • Own the operation of the GRC platform, ensuring evidence, controls, and risks are tracked and updated.
  • Support internal and external audits, including PCI, SOC 1 and 2, and BCB 85/21, and manage remediation tracking.
  • Partner with Cybersecurity, Engineering, Product, and Legal teams to map risks and define controls.
  • Contribute to the evolution and development of automated bots that streamline GRC processes.
  • Explore and implement GRC workflow automation using APIs, scripts, or AI tools.

Requirements

  • Previous experience in Security GRC, audit, or risk management.
  • Strong understanding of frameworks: PCI DSS, PCI PIN, PCI SSF, PCI MPoC, SOC 1 and 2, ISO 27001, and BCB Resolution 85/21.
  • Analytical thinking and structured problem-solving skills.
  • Excellent communication and documentation skills.

Nice to have

  • Familiarity with cloud-native environments.
  • Scripting skills in Python, Go, or TypeScript.
  • Experience with API-based integrations and security automation tools.
  • Knowledge of Model Context Protocol (MCP) and LLM-based systems.

Culture & Benefits

  • Opportunity to move away from checklist-driven compliance toward a "GRC-as-code" approach.
  • Fast-paced environment that values curiosity, autonomy, and clean execution.
  • Collaborative team culture where GRC is treated as a platform for trust and scale rather than a blocker.
  • Work within a tech-forward company integrating AI into security operations.

Be careful: if an employer asks you to sign in to their system using iCloud/Google, send a code or password, or run code or software, do not do it: these are scammers. Be sure to click "Report" or contact support.