Primer

GRC Analyst

Romania · Full-time · Mid-Senior

About the Company

We’re the world's first unified payment infrastructure, empowering businesses worldwide to unlock their payment potential. By choosing our platform, merchants can take control of their payment stack, create unique commerce experiences, accelerate their roadmap, and increase payment success.


We strive to make something complex incredibly simple and intuitive. The world's top investors—including Accel, Balderton, Iconiq, and Tencent—have backed Primer’s vision to rebuild payments and commerce from the ground up.


Join us in shaping the future of payments and commerce.


About the Role

We’re looking for a GRC Analyst to take ownership of our Governance, Risk & Compliance program.

As our regulatory footprint and customer trust requirements have grown, we’re investing in a dedicated GRC function to ensure we maintain a strong, continuous compliance posture. This is a mid-level individual contributor role reporting into the engineering/security organisation.

You’ll partner closely with engineers as a subject-matter expert while owning the day-to-day execution and operational rhythm of GRC across the business.


Responsibilities

Audit Readiness & Evidence Operations

  • Maintain a year-round evidence calendar
  • Run continuous control monitoring
  • Coordinate with external auditors


External Trust Requests

  • Own inbound security questionnaires, vendor assessments, and RFP responses
  • Maintain a response library to enable fast, consistent turnaround
  • Support deal velocity and procurement processes


Framework-Driven Programs

  • Coordinate risk assessments
  • Partner on security awareness and training programs
  • Govern vulnerability management processes
  • Support compliance across frameworks including PCI DSS, DORA, NIS2, and the EU AI Act


Policy Lifecycle Management

  • Maintain and update policies
  • Manage exceptions and monitor for violations
  • Drive remediation and follow-through
  • Act as the single point of accountability for policy governance


Certification & Expansion

  • Drive certification efforts (e.g. ISO 27001)
  • Support operationalisation of new regulatory frameworks as they arise


Qualifications

  • 3–5 years’ experience in GRC, compliance, or information security governance
  • Hands-on experience coordinating external audits (e.g. SOC 2, PCI DSS, ISO 27001)
  • Familiarity with EU regulatory frameworks (GDPR, DORA, NIS2, EU AI Act)
  • Experience managing vendor risk assessments and third-party due diligence
  • Track record of maintaining continuous (not just annual) evidence and controls


Required Skills

  • Strong organisational and operational skills
  • Clear, concise communicator able to work across engineering, legal, and leadership
  • Experience with GRC platforms (e.g. Vanta, Drata, OneTrust, or similar)
  • Detail-oriented with a proactive, systematic approach
  • Able to operate independently while knowing when to involve subject-matter experts


Preferred Skills

  • Familiarity with IAM processes and access review cycles
  • Relevant certifications (e.g. CISA, CRISC, ISO 27001 Lead Implementer)
  • Experience in payments, fintech, or regulated environments (especially PCI DSS)


Compensation & Benefits

  • 🌍 Fully remote and globally distributed (since day one)
  • 💰 Competitive salary + share options
  • 🌴 Uncapped holiday (minimum 25 days)
  • 🗣️ Co-working space access
  • 📅 Workations & company retreats
  • 💻 Top-tier equipment
  • 🏠 £500 home office setup budget
  • 🔎 Generous learning budget
  • 🏥 Private medical insurance
  • 📈 Additional perks depending on location


Equal Opportunity Statement

At Primer, we’re committed to building a diverse, inclusive, and authentic workplace. If you’re excited about this role but don’t meet every requirement, we encourage you to apply—you may still be the right fit for this or other opportunities.

We are committed to equal treatment for all current and prospective employees and maintain a zero-tolerance approach to discrimination. We welcome applicants regardless of age, disability, sex, sexual orientation, pregnancy and maternity, race or ethnicity, religion or belief, gender identity, or marital status.

Posted: Apr 15, 2026
Type: Full-time
Level: Mid-Senior
Location: Romania
Company: Primer
Industries: Financial Services
Categories: General Business
