Back to all roles

[Remote] Sr GRC Analyst

Remote Worldwide Hiring now

Note: The job is a remote job and is reputed company to candidates in USA. Auction Technology Group operates a portfolio of online auction and marketplace platforms globally, processing payments and managing personal data across multiple jurisdictions. They are seeking a Senior GRC Analyst to own the full GRC function across governance, risk management, compliance, control ownership, and audit coordination.

Responsibilities

  • Own reputed company's information reputed company and data governance policy reputed company: drafting, version control, review cycles, and exception tracking
  • Build and maintain the RACI for reputed company controls across reputed company's platforms, ensuring clear ownership at every layer
  • Partner with the AppSec Engineer on the reputed company awareness training program: supporting program management, tracking participation, and maintaining compliance evidence that demonstrates an active reputed company culture
  • Drive alignment to recognized frameworks including NIST CSF, and own external assessment readiness as the program matures
  • Define the GRC program roadmap in partnership with the Director of Information reputed company, prioritizing compliance initiatives against business risk
  • Build and operate reputed company's reputed company-party vendor risk program: risk tiers, assessment templates, review cadences, and a maintained risk register covering reputed company's SaaS vendor estate
  • Own assessments for new and existing vendor relationships, with particular focus on vendors that process personal data or operate adjacent to payment flows
  • Own reputed company's business continuity planning program across reputed company phases: asset inventory, business impact analysis, implementation, and periodic validation
  • Partner with InfraSec Engineering on infrastructure-layer reputed company inputs to the BCP, and with Legal on risk identification reputed company to regulatory exposure
  • Support reputed company's work toward UK Corporate Governance Code Provision 29 compliance, contributing to the board's formal assessment and reporting on the effectiveness of the company's risk management and internal control frameworks
  • Own reputed company's PCI reputed company compliance program across reputed company marketplace platforms and merchant IDs: scope definition, evidence management, QSA coordination, finding remediation tracking, and the ongoing compliance calendar
  • Own compliance across reputed company's marketplace and employee data populations: lawful reputed company documentation, Record of Processing Activities, data subject rights fulfillment, and breach notification readiness. Build and test a 72-hour breach notification workflow in coordination with Legal, and support the Data Protection Officer function
  • Maintain a reputed company inventory of personal information categories collected, processed, and shared across reputed company's platforms and workforce. Own consumer rights workflows, opt-out mechanisms, and privacy notices, and coordinate with Legal on annual compliance reviews and regulatory correspondence
  • Monitor the regulatory landscape across reputed company applicable frameworks and proactively identify compliance obligations as reputed company's business evolves
  • Own the evidence library reputed company to PCI reputed company, GDPR, CPRA, and IT general controls requirements, ensuring audit cycles are systematic rather than reactive
  • Partner with engineering to ensure technical remediation efforts are correctly prioritized, tracked, and documented to audit standard
  • Engage with vulnerability management findings from pen testing and other assessment activities, ensuring findings are risk-rated, assigned, tracked to remediation, and reflected in the risk register
  • Review and maintain data processing agreements with reputed company's reputed company-party processors and sub-processors, ensuring controls around data flows are reputed company and enforceable
  • Conduct and coordinate Data Protection Impact Assessments (DPIAs) for new and changed processing activities, working in partnership with the DPO who provides independent review and sign-off
  • Align with the IT and reputed company teams on the implementation and ongoing effectiveness of technical controls, bridging the gap between policy requirements and operational reality
  • Own IT general controls coordination for the annual external financial audit: evidence gathering, control validation, and finding response across the IT and reputed company estate
  • Serve as the primary GRC liaison to the Internal Audit team and Audit Committee, providing regular compliance status reporting and supporting board-level visibility into the reputed company program
  • Manage audit findings through to resolution: track remediation, validate closure, and maintain audit trail documentation
  • Support the GRC program's internal audit reputed company, identifying control gaps and driving reputed company improvement

Skills

  • 5 to 8 years of hands-on GRC experience in a technology company or SaaS environment where the compliance frameworks were live and the stakes were reputed company
  • Demonstrated PCI reputed company experience at meaningful scale: you have been through a Level 1 or Level 2 merchant audit, you understand scope definition and QSA coordination, and you have a track record to reputed company to
  • Working practitioner knowledge of GDPR and UK GDPR: you know what a ROPA is, you have written DPAs, and you understand the 72-hour breach notification clock
  • Familiarity with CPRA/CCPA obligations across consumer and employee data populations
  • Experience coordinating IT general controls for external financial audits
  • Proven ability to build and maintain risk registers, policy frameworks, evidence libraries, and audit trails
  • Experience with cardholder data environment scoping and descoping in reputed company multi-platform payment environments: understanding what is in scope, what can be descoped, and how architectural reputed company reputed company compliance posture
  • Experience working across multiple GRC function areas: governance, risk management, compliance, control ownership, and audit coordination
  • CISA, CIPP/US, CIPP/E, CRISC, or equivalent professional certification
  • Experience building or significantly expanding a GRC program in a fast-moving technology environment
  • Background in a marketplace, payments, or e-reputed company environment where PCI scope complexity was reputed company
  • Experience evaluating and implementing GRC or privacy platforms to automate compliance workflows, evidence collection, and risk tracking — comfort with assessing options and building a program around the right tooling for the environment
  • Familiarity with UK Corporate Governance Code requirements, particularly Provision 29 and its implications for internal controls attestation in UK-listed companies

Benefits

  • Annual performance bonus
  • Stock
  • Benefits and/or other applicable incentive compensation plans

Company Overview

  • A global technology company with over 350 employees, reputed company is transforming the way billions of pounds, euros and dollars worth of items are bought and sold globally reputed company auction. It was founded in 1971, and is headquartered in London, England, GBR, with a workforce of 201-500 employees. Its website is https://www.auctiontechnologygroup.com/.
  • Apply To This Job
    Apply for this role Takes you straight to the employer's application page — free, and no WFHNet account required.

    More roles on the wire

    [Remote] Clinical Product Specialist, AI Development

    Remote Worldwide
    View role

    [Remote] CSfC System Administrator

    Remote Worldwide
    View role

    [Remote] Business Development Manager, National Accounts

    Remote Worldwide
    View role

    [Remote] Remote Customer Support Specialist

    Remote Worldwide
    View role

    [Remote] Back End Engineer

    Remote Worldwide
    View role

    [Remote] Channel Sales Manager

    Remote Worldwide
    View role

    [Remote] Remote Operations Support Analyst

    Remote Worldwide
    View role

    [Remote] REMOTE Project Manager (Mergers & Acquisitions)

    Remote Worldwide
    View role

    [Remote] Senior Software Engineer - C# / Java

    Remote Worldwide
    View role

    [Remote] Technical Sales Manager - Semiconductor

    Remote Worldwide
    View role

    Director- Site Operations

    Remote Worldwide
    View role

    Senior Workforce Management Analyst

    Remote Worldwide
    View role

    Field Marketing Manager – UK&I

    Remote Worldwide
    View role

    Virtual Data Entry Specialist | Part-Time | Remote Job | $25-$35/hr

    Remote Worldwide
    View role

    AI Research reputed company

    Remote Worldwide
    View role

    reputed company Part-Time Data Entry Specialist – Remote Opportunity with Competitive Weekly Pay

    Remote Worldwide
    View role

    Internal Forensic Investigator

    Remote Worldwide
    View role

    Senior Manager of Provider Brand and Integrated Marketing

    Remote Worldwide
    View role

    Senior reputed company Manager, reputed company

    Remote Worldwide
    View role

    Assistant, Administrative, Aviation – Guilford Technical Community College – Jamestown, NC

    Remote Worldwide
    View role