Papaya Global is a rapidly growing, award-winning B2B tech unicorn with an ambitious mission to revolutionize the payroll & payments industry. With over $400M raised from multiple tier-one investors, our innovative technology provides a comprehensive solution for managing global workforces, encompassing everything from hiring and onboarding to managing and paying employees in over 160 countries.
We are seeking a GRC Specialist to join the Security group, reporting to the GRC Manager. We are looking for an independent, responsible team player and quick learner who wants to work in a challenging and dynamic environment.
You will:
- Lead and manage information security compliance programs, including SOC 2 Type I/II and ISO 27001 audits, certifications, and ongoing compliance activities.
- Support the implementation and maintenance of DORA (Digital Operational Resilience Act) compliance requirements across the organization.
- Own the end-to-end process of responding to customer security questionnaires, RFPs, and third-party due diligence requests.
- Conduct risk assessments and help develop risk treatment plans to address identified gaps.
- Develop, review, and maintain information security policies, standards, procedures, and guidelines.
- Perform internal audits and gap analyses against regulatory frameworks and industry best practices.
- Collaborate with cross-functional teams (R&D, IT, Legal, Sales) to embed security and compliance practices across the organization.
- Monitor and track the remediation of identified risks and compliance gaps.
- Support vendor and third-party risk management processes, including periodic risk assessments and ongoing monitoring.
- Leverage AI-enabled tools to streamline compliance workflows, including analysis of security controls, drafting and refinement of compliance documentation, and support in audit preparation and evidence collection.
- Use AI-assisted capabilities to improve efficiency and accuracy in responding to security questionnaires, risk assessments, and regulatory documentation while maintaining strict compliance and traceability standards.
- Apply AI tools to support knowledge management, policy drafting, and cross-framework mapping (SOC 2, ISO 27001, DORA) in a controlled and auditable manner.
Requirements:
- 4+ years of hands-on experience in GRC, information security compliance, or a related field.
- Proven experience managing SOC 2 Type I/II audits and certification processes.
- Hands-on experience with ISO 27001 implementation and/or certification audits.
- Familiarity with DORA (Digital Operational Resilience Act) requirements and their practical application.
- Experience handling customer security questionnaires and due diligence requests – Must.
- Strong knowledge of information security risk management methodologies and frameworks.
- Experience working with cross-functional stakeholders and translating compliance requirements into actionable steps.
- Highly proficient in spoken and written English.
- Team player, detail-oriented, with strong organizational and communication skills – Must.
- Experience in a SaaS or B2B tech company – Advantage.
- Degree in Information Technology / Information Systems / Computer Science – Advantage.
- Demonstrated ability to effectively leverage AI tools to support compliance operations, including documentation, audit preparation, risk analysis, questionnaire handling, and policy development workflows.
- Practical experience using AI-assisted tools to enhance accuracy, efficiency, and consistency in governance, risk, and compliance processes while ensuring adherence to regulatory and audit requirements.