About this role
An Introduction to Primer
Primer is the unified infrastructure for global payments. We give finance and payments teams the visibility and control to reduce complexity, improve performance, and capture more revenue - all from a single platform.
Backed by Sofina, Peak XV Partners, ICONIQ, Tencent, Accel, and Balderton, we're building the payments layer the world's best companies rely on.
Watch our showcase > https://primer.io/the-primer-showcase
Read up on our $100m Series C > https://www.primer.io/blog/series-c
Learn more about our culture > https://primer.io/careers
ABOUT THE ROLE
We're looking for a GRC Analyst to take ownership of our Governance, Risk & Compliance program. As our regulatory footprint and customer trust requirements have grown, we're investing in a dedicated GRC function to ensure we maintain a strong, continuous compliance posture.
This is a mid-level, individual contributor role reporting into the engineering/security organisation. You'll partner closely with engineers as subject-matter experts while owning the day-to-day execution and operational rhythm of GRC across the business.
WHAT YOU'LL OWN
AUDIT READINESS & EVIDENCE OPERATIONS
Maintain a year-round evidence calendar, run continuous control monitoring, and coordinate with external auditors.
EXTERNAL TRUST REQUESTS
Own inbound security questionnaires, vendor assessments, and RFP responses. Maintain a response library so we can turn these around quickly and consistently, keeping deals and procurement moving.
FRAMEWORK-DRIVEN PROGRAMS
Coordinate risk assessments, partner on security awareness and training programs, and govern vulnerability management processes. With obligations spanning PCI DSS, DORA, NIS2, and the EU AI Act, you'll help us stay ahead of evolving requirements.
POLICY LIFECYCLE MANAGEMENT
Maintain policies, manage exceptions, monitor for violations, and drive remediation follow-through. You'll be the single point of accountability for keeping our policy framework current and enforceable.
CERTIFICATION & EXPANSION
Drive future certification efforts, including ISO 27001, and support the operationalisation of new regulatory frameworks as they come into scope.
WHAT WE'RE LOOKING FOR
EXPERIENCE
- 3–5 years in a GRC, compliance, or information security governance role
- Hands-on experience coordinating external audits (SOC 2, PCI DSS, ISO 27001, or similar)
- Familiarity with EU regulatory frameworks such as GDPR, DORA, NIS2, and the EU AI Act
- Experience managing vendor risk assessments and third-party due diligence
- Track record of maintaining evidence and controls on a continuous (not just annual) basis
SKILLS & QUALITIES
- Strong organisational skills
- Clear, concise communicator who can work across engineering, legal, and leadership teams
- Comfortable working with compliance tooling and GRC platforms (e.g., Vanta, Drata, OneTrust, or similar)
- Detail-oriented with a bias for proactive, systematic work over reactive cleanup
- Able to operate independently while knowing when to pull in subject-matter experts
NICE TO HAVE
- Familiarity with IAM processes and access review cycles
- Relevant certifications (CISA, CRISC, ISO 27001 Lead Implementer, or similar)
- Experience in a payments, fintech, or regulated technology environment, particularly with PCI DSS compliance
✅ A TYPICAL INTERVIEW PROCESS
- An initial intro call with a Talent Partner
- An interview with the Hiring Manager
- Challenge Stage - Contextualised to the role
- A final, values-alignment interview
WHAT'S THE CULTURE LIKE AT PRIMER?
We're building a culture where people can do their best work and be proud of the impact they have. You'll be working with people who are mission-driven, smart, and reflective, and who are genuinely invested in building exceptional products and delivering success for our merchants.
We work remotely, and have done since day one. We believe that building a successful, profitable company goes beyond proximity. We invest in our relationships through great remote working practices and thoughtfully designed face-to-face time, including workations, our annual company retreat, and co-working space access worldwide.
The work is challenging. Scaleups are a challenge, and building category-defining products is a challenge. But there's a meaningful difference between a challenge and a struggle. At Primer, the right challenge comes with the right support: strong onboarding, a collaborative environment, and a team that is genuinely invested in your success. It's never something you face alone.
OUR BENEFITS
🌍 We are fully remote and globally distributed, and have been since day one
💰 Competitive share options
🌴 Uncapped holiday, with 25 days minimum to be taken
🗣️ Co-working space access
📅 Workations & Company Retreat
💻 The best equipment for your role
🏠 £500 towards your home office setup
🔎 Generous learning budget
🏥 Private Medical Insurance
📈 A broad set of additional perks and benefits (depending on location)
DON’T MEET EVERY SINGLE REQUIREMENT?
At Primer, we're dedicated to building a diverse, inclusive, and authentic workplace. If you're excited about this role but your experience doesn't align perfectly with every qualification listed, we encourage you to apply. You may be the right candidate for this or other roles.
Primer is committed to the equal treatment of all current and prospective employees and adopts a zero-tolerance approach to discrimination, regardless of age, disability, sex, sexual orientation, pregnancy and maternity, race or ethnicity, religion or belief, gender identity, marriage and civil partnership, or any other background or belief.
About Primer API Limited
Primer API Limited is hiring for the GRC Analyst - Security role. NewJob aggregates active openings directly from Primer API Limited's applicant tracking system, so this listing is current.