GRC Specialist

Papaya Global is a rapidly growing, award-winning B2B tech unicorn with an ambitious mission to revolutionize the payroll & payments industry. With over $400M raised from multiple tier-one investors, our innovative technology provides a comprehensive solution for managing global workforces, encompassing everything from hiring and onboarding to managing and paying employees in over 160 countries. 

We are seeking GRC Specialist to join the Security group, reporting to the GRC Manager. We are looking for a team player, independent and responsible person, quick learner, who wants to work in a challenging and dynamic environment. 

You will 

• Lead and manage information security compliance programs, including SOC 2 Type I/II and ISO 27001 audits, certifications, and ongoing compliance activities 
• Support the implementation and maintenance of DORA (Digital Operational Resilience Act) compliance requirements across the organization 
• Own the end-to-end process of responding to customer security questionnaires, RFPs, and third-party due diligence requests 
• Conduct risk assessments and help develop risk treatment plans to address identified gaps 
• Develop, review, and maintain information security policies, standards, procedures, and guidelines 
• Perform internal audits and gap analyses against regulatory frameworks and industry best practices 
• Collaborate with cross-functional teams (R&D, IT, Legal, Sales) to embed security and compliance practices across the organization 
• Monitor and track the remediation of identified risks and compliance gaps 
• Support vendor and third-party risk management processes, including periodic risk assessments and ongoing monitoring 

• 4+ years of hands-on experience in GRC, information security compliance, or a related field 
• Proven experience managing SOC 2 Type I/II audits and certification processes 
• Hands-on experience with ISO 27001 implementation and/or certification audits 
• Familiarity with DORA (Digital Operational Resilience Act) requirements and their practical application 
• Experience handling customer security questionnaires and due diligence requests – Must 
• Strong knowledge of information security risk management methodologies and frameworks 
• Experience working with cross-functional stakeholders and translating compliance requirements into actionable steps 
• Highly proficient in spoken and written English 
• Team player, detail-oriented, with strong organizational and communication skills – Must 
• Experience in a SaaS or B2B tech company – Advantage 
• Degree in Information Technology / Information Systems / Computer Science – Advantage