Primer, 17.04.26
AI SCORE 8.5

GRC Analyst - Remote Opportunity at Primer

$80K–$100K/year

About the Role

We’re looking for a remote GRC Analyst to take ownership of our Governance, Risk & Compliance program at Primer. As our regulatory footprint and customer trust requirements have grown, we’re investing in a dedicated GRC function to ensure we maintain a strong, continuous compliance posture. This is a mid-level, individual contributor role reporting into the engineering/security organization. You’ll partner closely with engineers as subject-matter experts while owning the day-to-day execution and operational rhythm of GRC across the business.

What You'll Own

  • Audit Readiness & Evidence Operations: Maintain a year-round evidence calendar, run continuous control monitoring, and coordinate with external auditors.
  • External Trust Requests: Own inbound security questionnaires, vendor assessments, and RFP responses. Maintain a response library to ensure quick and consistent turnaround, keeping deals and procurement moving.
  • Framework-Driven Programs: Coordinate risk assessments, partner on security awareness and training programs, and govern vulnerability management processes. With obligations spanning PCI DSS, DORA, NIS2, and the EU AI Act, you’ll help us stay ahead of evolving requirements.
  • Policy Lifecycle Management: Maintain policies, manage exceptions, monitor for violations, and drive remediation follow-through. You’ll be the single point of accountability for keeping our policy framework current and enforceable.
  • Certification & Expansion: Drive future certification efforts, including ISO 27001, and support the operationalization of new regulatory frameworks as they come into scope.

Requirements

  • 3–5 years in a GRC, compliance, or information security governance role.
  • Hands-on experience coordinating external audits (SOC 2, PCI DSS, ISO 27001, or similar).
  • Familiarity with EU regulatory frameworks such as GDPR, DORA, NIS2, and the EU AI Act.
  • Experience managing vendor risk assessments and third-party due diligence.
  • Strong organizational skills and a clear, concise communicator.

Nice to Have

  • Familiarity with IAM processes and access review cycles.
  • Relevant certifications (CISA, CRISC, ISO 27001 Lead Implementer, or similar).
  • Experience in a payments, fintech, or regulated technology environment, particularly with PCI DSS compliance.

What We Offer

  • Fully remote and globally distributed work environment.
  • Competitive share options.
  • Uncapped holiday with a minimum of 25 days to be taken.
  • Co-working space access.
  • Workations & Company Retreat.
  • The best equipment for your role.
  • £500 towards your home office setup.
  • Generous learning budget.
  • Private Medical Insurance.

At Primer, we’re dedicated to building a diverse, inclusive, and authentic workplace. If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply. You may be the right candidate for this or other roles.

Why This Job: 8.5 of 10

This remote GRC Analyst position at Primer offers a unique opportunity to shape compliance in a leading FinTech company. Enjoy competitive benefits and a supportive work culture.

All job postings are gathered automatically by algorithms. We do not review or verify listings; be careful when applying, and do not sign in with iCloud or Google services.