GRC Specialist

No salary information
Mid · Full-time
#351804 · Added 22 days ago · 4
Source: nofluffjobs.com

Tech Stack / Keywords

ISO · ISO3834 · SoC

Company and position

Papaya Global is a rapidly growing, award-winning B2B tech unicorn with an ambitious mission to revolutionize the payroll & payments industry. With over $400M raised from multiple tier-one investors, their technology provides a comprehensive solution for managing global workforces in over 160 countries.


Requirements

  • 4+ years of hands-on experience in GRC, information security compliance, or a related field
  • Proven experience managing SOC 2 Type I/II audits and certification processes
  • Hands-on experience with ISO 27001 implementation and/or certification audits
  • Familiarity with DORA (Digital Operational Resilience Act) requirements and their practical application
  • Experience handling customer security questionnaires and due diligence requests
  • Strong knowledge of information security risk management methodologies and frameworks
  • Experience working with cross-functional stakeholders and translating compliance requirements into actionable steps
  • Highly proficient in spoken and written English
  • Team player, detail-oriented, with strong organizational and communication skills
  • Experience in a SaaS or B2B tech company (advantage)
  • Degree in Information Technology / Information Systems / Computer Science (advantage)

Responsibilities

  • Lead and manage information security compliance programs, including SOC 2 Type I/II and ISO 27001 audits, certifications, and ongoing compliance activities
  • Support the implementation and maintenance of DORA (Digital Operational Resilience Act) compliance requirements across the organization
  • Own the end-to-end process of responding to customer security questionnaires, RFPs, and third-party due diligence requests
  • Conduct risk assessments and help develop risk treatment plans to address identified gaps
  • Develop, review, and maintain information security policies, standards, procedures, and guidelines
  • Perform internal audits and gap analyses against regulatory frameworks and industry best practices
  • Collaborate with cross-functional teams (R&D, IT, Legal, Sales) to embed security and compliance practices across the organization
  • Monitor and track the remediation of identified risks and compliance gaps
  • Support vendor and third-party risk management processes, including periodic risk assessments and ongoing monitoring