GRC Analyst I

• Hands-on experience with risk assessment methodologies, tools, and compliance platforms.
• 2–4 years of experience in Governance, Risk, and Compliance roles, with exposure to frameworks like ISO 27001, PCI DSS, and SOC 2.
• Remote-first opportunity for US-based employees with the option to work in-person out of our Manhattan office

Start your adventure with Zip

Join Zip’s Technology, Engineering and Cyber-Security function and put your name to solving fascinating challenges at scale in an agile, test-driven development environment. If you value good domain-driven design and enjoy delivering quality work at pace, you’ll be a great fit with the squads responsible for building cloud-native software applications that serve millions of customers and process billions of dollars in payments.

We are seeking a seasoned GRC Analyst I to join our cybersecurity team. This role will be critical in advancing our Governance, Risk, and Compliance (GRC) initiatives, ensuring our organization aligns with industry best practices and regulatory requirements. The Senior GRC Analyst will lead and collaborate on Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), and frameworks such as ISO 27001, PCI DSS, and SOC 2. This position offers a unique opportunity to shape the security posture of a growing organization by driving strategic compliance initiatives, managing risk, and enhancing resilience.

Interesting problems you’ll get to solve

• Governance & Compliance:
• Lead efforts to implement and maintain compliance with ISO 27001, PCI DSS, and SOC 2 frameworks.
• Develop, update, and maintain security policies, procedures, and controls to meet regulatory and business requirements.
• Conduct gap analyses and readiness assessments for compliance initiatives.
• Risk Management:
• Perform risk assessments, identify vulnerabilities, and recommend mitigations to align with enterprise risk management strategies.
• Collaborate with cross-functional teams to prioritize and remediate identified risks.
• Maintain and enhance the risk register and track Key Risk Indicators (KRIs).
• Business Continuity & Disaster Recovery:
• Drive the development, testing, and maintenance of BCP/DRP processes.
• Partner with IT and business units to ensure critical systems and data remain operational during disruptions.
• Regularly test and improve DRP scenarios and recovery plans.
• Audit & Reporting:
• Coordinate internal and external audits related to PCI DSS, SOC 2, and other relevant frameworks.
• Prepare detailed reports on compliance status, risks, and mitigation progress for leadership.
• Provide subject matter expertise during audit engagements.
• Training & Awareness:
• Promote a culture of security awareness by developing and delivering GRC-focused training.

What you’ll bring to the team

• Bachelor's degree in Information Security, Computer Science, or a related field.
• 2+ years of experience (ideally targeting 4) in Governance, Risk, and Compliance roles, with exposure to frameworks such as ISO 27001, PCI DSS, and SOC 2.
• Strong experience in developing and implementing BCP and DRP strategies.
• Hands-on experience with risk assessment methodologies and tools.
• Excellent knowledge of compliance platforms
• Certifications such as CISSP, CRISC, CISA, or ISO 27001 Lead Auditor preferred.
• Exceptional analytical, problem-solving, and communication skills.

What you’ll get in return

Zip is a place where you’ll get out what you put in. The newness of our sector means we need to move at pace and embrace change, and our promise to you when you join the team is that you’ll feel empowered and trusted to make big things happen quickly. 

We want you to feel welcome and as though you have the support to be yourself, and care for yourself at work. Because it’s important to us that you make the most of the opportunities you’ll get to grow your skills and your career, and be surrounded by smart, friendly people and leaders that have your back.

We think these are just some of the best things about being a Zipster. We will also offer you:

• Flexible working culture
• Incentive programs
• 20 days PTO every year
• Generous paid parental leave
• Leading family support policies
• 100% employer covered insurance
• Beautiful Union Square office with a casual dress code
• Learning and wellness subscription stipend
• Company-sponsored 401k match

The annual base Pay Range for this position is $104,000 - $130,000. This range reflects our US national compensation (USN). Additional premium percentages may apply based on our tiered premium strategy.

Subject to those same considerations, the total compensation package for this position may also include other elements, including a bonus and/or equity awards, in addition to a full range of medical, financial, and/or other benefits. 

If hired, employees will be in an 'at-will position' and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation or benefit program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

Be a part of a team that reflects the diversity of our customers

We pride ourselves on being a workplace that provides equal opportunities to people of all ages, cultural backgrounds, sexual orientations, gender identities, abilities, veteran status, and everything else that makes you unique.

Equally, we’re committed to ensuring our recruitment processes are accessible and inclusive. Please let us know If there are any adjustments that need to be made to ensure you have a fair and equitable experience.

And finally…get to know us

Zip Co Limited (ASX: ZIP) is a digital financial services company, offering innovative, people-centered products.

Operating in two core markets - Australia and New Zealand (ANZ) and the US, Zip offers access to point-of-sale credit and digital payment services, connecting millions of customers with its global network of tens of thousands of merchants.

We’re proud to be a values-led business and our values - Customer First, Own it, Stronger Together and Change the Game - guide us in everything we do.

I acknowledge by clicking "Submit Application", that the information provided is true and correct. I also understand that any willful dishonesty may render for refusal of this application or immediate termination of employment. By providing your information, you acknowledge that you have read our Zip Applicant and Candidate Privacy Notice and authorize Zip to process your data subject to those terms

Before you apply, give Zip a try   -> rebrand.ly/check-zip-out

Zip participates in the federal government’s E-Verify program