Cybersecurity Analyst GRC (Fintech)

TL;DR

Cybersecurity Analyst GRC (Fintech): Strengthening the internal control framework and risk culture within a regulated fintech environment with an accent on security governance, availability, and confidentiality of information systems. Focus on executing second-level controls, monitoring remediation plans, and managing security certifications.

Location: Hybrid (Paris, France)

Company

AI-powered spend management and procurement platform transforming company spending for finance teams.

What you will do

• Perform second-level controls and ensure rigorous execution and documentation.
• Coordinate and monitor action plans for control findings, incidents, and identified weaknesses.
• Prepare reports on control activities and risks for internal stakeholders and risk review committees.
• Improve the cybersecurity aspects of the ongoing control plan in collaboration with Risk and Compliance.
• Manage security certifications including ISO27001, SOC2, and PCI-DSS.
• Promote a risk-based approach and employee awareness of risk management and control.

Requirements

• At least 3 years of experience in permanent control, internal control, risk management, or audit.
• Experience within a financial institution, regulated fintech, or payment institution.
• Knowledge of security frameworks such as ISO27001, SOC2, PCI-DSS, and DORA.
• Good understanding of fintech business models and their regulatory environment.
• Strong analytical, synthesis, and communication skills to present findings clearly.
• Must be based in Paris for hybrid work.

Culture & Benefits

• Flexible on-site and remote policy.
• Latest Apple equipment provided.
• Access to Moka.care for emotional and mental health wellbeing.
• Office snacks and a positive team environment.
• Location-specific benefits including health insurance, meal vouchers, and gym memberships.