Information Security Analyst (GRC & Regulatory Readiness)

Remote · Paybis
3000 euro gross

Responsibilities

About the Company

Paybis is an international FinTech company operating in the crypto and payments space. We build secure, compliant, and user-friendly products for individual and corporate clients worldwide.

As part of strengthening our security and compliance foundations, we are expanding our Security function and looking for an Information Security Analyst to support and gradually take ownership of operational security governance, risk management, and regulatory readiness in a regulated environment.

This role is ideal for a strong mid-level professional who already has hands-on GRC experience in regulated environments and wants to grow into a more autonomous GRC ownership role over time.

Role Purpose

The Information Security Analyst supports and operates core information security governance, risk, and compliance (GRC) activities across the organization.

The role focuses on:

  • structuring and maintaining security governance processes,
  • supporting MiCA and DORA regulatory readiness,
  • managing risk and third-party security processes,
  • ensuring audit-ready documentation and evidence.

You will work closely with the CISO, Legal, Compliance, Engineering, and Product teams, gradually increasing your ownership and independence as processes mature.

Key Responsibilities

Security Governance & Documentation

  • Maintain and continuously improve security policies, procedures, and internal documentation.
  • Help establish and maintain a single source of truth for security documentation.
  • Document incident response processes, escalation flows, and post-incident reviews.
  • Ensure documentation is current, structured, and audit-ready.

Risk Management

  • Support the operation of a centralized information security risk register.
  • Track risk ownership, mitigation actions, and remediation progress.
  • Participate in periodic risk assessment cycles and reviews.

Regulatory Readiness (MiCA / DORA)

  • Support MiCA and DORA implementation activities, including:

    • control mapping,
    • evidence collection,
    • gap tracking and remediation follow-up.
  • Help prepare audit-ready evidence packages for internal and external stakeholders.
  • Assist in closing gaps between implemented controls and formal documentation.

Third-Party & Vendor Security

  • Support vendor and partner security assessments and due diligence.
  • Help systematize third-party risk management processes.
  • Coordinate security questionnaires and evidence exchange with partners and PSPs.

Audits & Cross-Functional Coordination

  • Support internal and external audits.
  • Coordinate with Engineering, Legal, Compliance, Product, and Security teams.
  • Act as an operational link between technical and non-technical stakeholders.

Requirements

Required Experience & Skills (Must-Have)

  • 3–5 years of experience in Information Security, GRC, or Risk Management.
  • Proven experience working in regulated environments (fintech, financial services, crypto, or similar).
  • Practical understanding of:

    • information security risk management,
    • third-party / vendor risk management,
    • ISMS fundamentals (ISO 27001 or equivalent).
  • Working-level familiarity with MiCA and DORA concepts.
  • Experience preparing documentation or evidence for audits or regulatory reviews.

Nice-to-Have

  • FinTech or crypto industry experience.
  • Exposure to ISO 27001 implementation or maintenance.
  • Familiarity with SOC 2 or similar frameworks.
  • Experience working closely with a CISO or security leadership.
  • Experience interacting with auditors or regulators.

Soft Skills

  • Strong sense of ownership and responsibility.
  • Ability to work independently while seeking guidance when needed.
  • Structured and detail-oriented approach to documentation.
  • Clear communication with non-technical stakeholders.
  • Pragmatic, solution-oriented mindset (not overly bureaucratic).

Conditions

Why Join Paybis

  • Impact: This is a foundational role shaping the company's security operations.
  • Autonomy: Full ownership of one of the company’s most critical products.
  • Growth: Direct collaboration with CTO, CIO, and incoming CISO.
  • Culture: Fast-moving fintech environment with high trust and responsibility.
  • Flexibility: Remote-first setup aligned with EU time zones.
  • Medical Insurance.
  • Corporate English classes.
  • Education Budget for professional development.