Cybersecurity GRC (Governance, Risk & Compliance) Analyst

Company

Kora is a global fiat and stablecoin payment infrastructure - the rails that financial institutions, fintechs, and enterprises use to move money across borders reliably and at scale. We operate across multiple markets globally.

We are not a payments app. We are not a wallet. We are the layer underneath: the settlement infrastructure, the compliance engine, the connectivity that makes cross-border payments work for the companies that build on top of us.

Our vision, which is at the core of what we do every day, is to create a world void of digital financial barriers. We are committed to delivering reliable, secure, and easy-to-use digital financial solutions to every single customer with a guarantee that it is improving their lives. To achieve this mission, we need people like you. Yes, you!

We strongly believe in our ability to find Water in the Desert and pick the Sands in the Ocean.

We value positive energy and clear communication, and are committed to building an inclusive environment for people from every background.

About The Role

As a Cybersecurity GRC Analyst, you will be responsible for supporting the organization’s information security governance, risk management, and compliance programs. This role ensures that security policies, controls, and processes align with regulatory requirements, industry standards, and business objectives. The analyst will assess risks, support audits, and help drive a strong security and compliance culture across the organization.

Here are a couple of things you'll be doing:

• Develop, review, and maintain information security policies, standards, and procedures
• Ensure alignment with industry frameworks (e.g., ISO 27001, NIST CSF, CIS Controls)
• Support the implementation and monitoring of security governance programs
• Drive security awareness initiatives and promote a culture of compliance
• Conduct risk assessments (enterprise, vendor, application, infrastructure)
• Maintain and update the organization’s risk register
• Perform control gap assessments and recommend remediation actions
• Support third-party/vendor risk management processes
• Track and report on risk treatment plans and mitigation progress
• Support compliance with regulatory and industry requirements (e.g., PCI DSS, SOC 2, GDPR)
• Coordinate internal and external audits, including evidence collection and walkthroughs
• Monitor compliance posture and track remediation of audit findings
• Assist in the development of compliance reports and dashboards for management
• Collaborate with security and IT teams to ensure controls are effectively implemented
• Assist in incident response from a compliance and reporting perspective
• Support control testing and continuous monitoring activities
• Maintain accurate documentation of policies, risk assessments, and control activities

• Other duties as assigned by the CISO.

Requirements

Here's what we're looking for:

• 2–4 years of experience in cybersecurity, IT risk, compliance, or audit
• Minimum of a Bachelor’s degree certificate
• Strong understanding of information security frameworks and standards (ISO 27001, NIST, SOC 2, PCI DSS)
• Experience with risk assessment methodologies and control frameworks
• Familiarity with regulatory requirements relevant to the industry (e.g., financial services, data protection laws)
• Experience with GRC tools
• Good communication & interpersonal skills
• Positive attitude
• Ability to handle stress appropriately and interact well with others.

Key Skills:

• Strong analytical and risk assessment skills
• Attention to detail and strong documentation capabilities
• Excellent communication and stakeholder management skills
• Ability to translate technical risks into business impact
• Strong organizational and project management abilities
• High level of integrity and professionalism

Equal Opportunity Employer

Kora is an equal-opportunity employer dedicated to building an inclusive and diverse workforce. All employment decisions are based on qualifications, experience, and business needs. We strongly encourage applications from underrepresented communities and diverse ethnic groups to apply.

Please feel free to inform us if you need any accommodations to facilitate your participation in the recruitment process. Any details you share will be used solely to ensure we can support and accommodate your needs appropriately.

Benefits

• Health insurance
• Sponsored and tailored training
• Paid parental leave
• Paid time-off
• Flexible work style
• Low-interest loans
• Group Life Insurance
• Access to up to four therapy sessions monthly
• Day off on your birthday 🎂 🎁 🎉
• Employee interest groups that provide supportive communities within Kora
• Great company culture and the opportunity to work with a highly collaborative team building something great!

Note: We recognise imposter syndrome is real - any candidate who does not perfectly fit every characteristic of this role is still strongly encouraged to apply.