GRC Analyst (Fintech)

TL;DR

GRC Analyst (Fintech/SaaS): Managing and scaling security compliance frameworks and global data privacy operations with an accent on SOC 2, ISO 27001, GDPR, and CCPA. Focus on bridging the gap between technical security controls and regulatory requirements to ensure high standards of data protection across financial software suites.

Location: Remote (United States)

Company

hirify.global builds cloud-native software solutions on Oracle NetSuite to automate complex financial processes for scaling businesses.

What you will do

• Lead the management and scaling of core security compliance frameworks, specifically SOC 2 Type II and ISO 27001.
• Govern global data privacy operations to ensure alignment with GDPR, CCPA/CPRA, and other data protection laws.
• Serve as the primary security liaison for enterprise customers to support the sales cycle.
• Manage internal audit programs and oversee the third-party vendor risk lifecycle.
• Coordinate evidence collection and partner with external auditors during annual assessments.
• Perform Data Privacy Impact Assessments (DPIAs) and process Data Subject Access Requests (DSARs).

Requirements

• 3+ years of experience in IT Audit, Information Security, Privacy Operations, or GRC, preferably in B2B SaaS or FinTech.
• Hands-on experience with SOC 2, ISO 27001, GDPR, and CCPA.
• Solid understanding of cloud computing architectures (AWS, Azure, GCP).
• Bachelor’s degree in Information Systems, Cybersecurity, Business, or a related field.
• Must be based in the United States.

Nice to have

• Familiarity with ERP systems, specifically NetSuite.
• Industry certifications such as CISA, CISM, CIPP/E, CIPP/US, or Security+.

Culture & Benefits

• Fully remote work environment with a strong emphasis on flexibility and balance.
• Comprehensive benefits package designed to enrich life beyond the workplace.
• Inclusive and equitable workplace culture as an Equal Opportunity Employer.