Information Security Governance, Risk & Compliance Analyst

About us:

BVNK focuses on delivering modern payments infrastructure for businesses, bringing together banks and blockchains on a unified platform. As a global team spanning various regions, we are united by the belief in the transformative potential of blockchain technology for seamless global payments.

Our track record includes recognition in The Top 100 Global Most Loved Workplaces in consecutive years, demonstrating our commitment to a thriving work environment.

About this role in the team:

The Information Security Governance, Risk & Compliance (Infosec GRC) Analyst position at BVNK assumes a critical role in bolstering and enhancing our information security and privacy frameworks. The core responsibilities involve generating regular reports, metrics, and ensuring the smooth execution of all cybersecurity and privacy protocols. The primary aim is to ensure compliance with regulatory mandates and safeguard the integrity of customer and company data. The GRC Specialist serves as a proficient entity in security governance, compliance, and privacy matters, skillfully aligning legal mandates with IT and security operations while addressing the pragmatic business needs of the organization.

Key Areas of Responsibilities:

• Sustain and optimize existing security and privacy workflows, identifying areas for enhancement.
• Manage business continuity, operational resilience, and disaster recovery processes, coordinating necessary activities and updating documentation.
• Gather essential data for security reports, ensure data accuracy, and keep track of performance metrics.
• Harmonize various processes to maintain compliance with Digital Operational Resilience Act (DORA) and other regulatory obligations.
• Develop, review, and uphold operational resilience, data protection, and privacy policies in accordance with legal requirements and industry standards.
• Perform Data Impact Assessments (DIAs) to ensure data protection and compliance, maintaining the Data Inventory Map.
• Collaborate cross-functionally to embed privacy in all stages of product development and ensure GDPR compliance.
• Implement procedures for managing Data Subject Access Requests (DSAR) and adherence.
• Customize and evaluate security awareness training programs for potential improvements.
• Lead data mapping initiatives to identify and categorize data flows within the organization.
• Stay abreast of advances in information security compliance and privacy laws for ongoing organizational alignment.

What we need from you:

• Develop clear policies and plans compliant with data protection laws and standards.
• Proficient in conducting Data Impact Assessments, compliance gap analysis, or Business Impact Analysis.
• Efficiently map and categorize data flows.
• Proficient in current data protection laws, regulations, policies, and ethics.
• Tailor privacy and data protection concepts for varying audience levels.
• Excellent communication skills across all management tiers for conveying privacy principles effectively.

Qualifications & Experience:

• Bachelor's degree in Compliance, Audit, Information Security, or related fields, or equivalent professional experience.
• 1-3 years of experience in roles like Privacy Analyst, Data Protection Analyst, IT Auditor, or similar positions.
• Demonstrated expertise in privacy and security laws and regulations, including GDPR, US Data Privacy, DORA, and UK Operational Resilience.
• Familiarity with Vanta is advantageous.
• Strong analytical and problem-solving abilities.
• Comfort working autonomously and collaboratively within a dynamic environment.
• Privacy certification such as CIPP, CIPM, CDPSE preferred.
• Knowledge or experience in ISO 27001 implementation considered a plus.

What you can expect from us:

• Competitive salary throughout your growth.
• Ownership in the business through our employee option scheme.
• Hybrid and flexible working hours.
• Collaborative culture of growth-driven individuals.
• Flexible holiday policy.
• Opportunities to travel to various global offices for collaboration.
• Open and creative environment to contribute to defining BVNK's future.