Governance Risk and Compliance Analyst

Lisbon, Lisbon, Portugal - Remote

Fidel API

Power your applications with real-time payment data. Build innovative card-linking applications by connecting Visa, Mastercard and Amex cards to loyalty and marketing services all in one place.

Join Our Team!

At Fidel API (part of Enigmatic Smile Group), we're not just creating innovative solutions in the fintech space; we're building a team that thrives on accountability, integrity, and creativity. As a Governance Risk and Compliance Analyst, you will be at the forefront of ensuring our operations adhere to the highest standards of industry regulations and corporate governance.

Your role is vital in helping us navigate the complex world of compliance, risk management, and corporate governance, allowing us to maintain trust with our partners and clients. Collaborating with various teams, you will provide insights, drive improvements, and engage with stakeholders to foster a culture of compliance.

We cherish diversity and believe in empowering every team member to contribute their ideas and innovations. Your insights and expertise will directly impact how we enhance our compliance framework while promoting our mission of transparency and excellence.

Requirements

Key Responsibilities:

  • Maintain security controls and compliance frameworks aligned with ISO 27001, PCI-DSS, and SOC 2 across cloud environments (primarily AWS).
  • Support technical risk assessments, security reviews, and cloud configuration audits with a consistent, methodical approach to identifying gaps.
  • Document, monitor, and track risks in alignment with the company’s risk management framework, and support periodic reviews and updates of the risk register.
  • Collect, organize, and maintain audit evidence in a well-structured, accessible format to support ongoing compliance efforts.
  • Keep documentation up to date — including policies, procedures, standards, and compliance artifacts — with a focus on accuracy and clarity.
  • Collaborate closely with DevOps and engineering teams to integrate secure-by-design principles into infrastructure and development practices.
  • Monitor vulnerabilities, alerts, and incidents, supporting the complete response lifecycle from triage through resolution and documentation.
  • Support the Business Continuity and Incident Response programs, including coordinating exercises and tracking readiness reviews.
  • Automate compliance tasks and reporting using tools like Vanta, Sprinto, Drata, or similar GRC platforms.
  • Maintain clean, reliable dashboards and reports to track key risk indicators (KRIs) and compliance KPIs, ensuring timely updates and accuracy.
  • Stay current on regulatory changes, threat trends, and cloud security best practices — and apply this knowledge to strengthen daily operations.

Qualifications:

  • 2+ years of experience in GRC, IT compliance, or information security roles.
  • Familiarity with ISO 27001, PCI-DSS, and SOC 2 frameworks, with practical implementation experience.
  • Proficiency with GRC platforms such as Vanta, Sprinto, Drata, or others.
  • Experience supporting incident management workflows and contributing to response activities.
  • Exposure to Business Continuity/Disaster Recovery testing and related documentation.
  • Hands-on experience with cloud environments (especially AWS), focusing on secure configurations and compliance validation.
  • Naturally detail-oriented and structured in your way of working — with a focus on repeatability, completeness, and follow-through.
  • Strong written and verbal communication skills, especially for documenting processes and collaborating across teams.

Nice to Have:

  • ISO 27001 Foundation or equivalent certification.
  • AWS Security Specialty or similar cloud security qualification.
  • Experience in regulated industries such as fintech or SaaS.

Benefits

  • Annual gross salary between €38,000 and €45,000, depending on experience and qualifications.
  • Flexible working hours and remote work.
  • A security-driven organization with strong support for certifications and learning.
  • A collaborative and structured culture where attention to detail and continuous improvement are valued.
  • Health Insurance
  • 23 days vacation allowance
  • Social Activity budget

Tags: APIs Audits AWS Cloud Compliance DevOps FinTech Governance Incident response ISO 27001 KPIs Risk assessment Risk management RMF SaaS SOC SOC 2 Vulnerabilities

Perks/benefits: Career development Flex hours Flex vacation Health care Team events

Regions: Remote/Anywhere Europe
Country: Portugal
