
Cybersecurity Analyst GRC

PARIS, 75
1 day ago

Spendesk is on a mission to transform how finance teams work by creating intuitive solutions that make spending decisions faster and smarter. We’re looking for an ICT Risk & Control Officer to join our Security team. In this role, you will help strengthen our internal control framework, support a strong risk culture across the business, and contribute to the robustness of our regulatory and operational risk management practices in a fast-moving fintech environment.

About The Role

As an ICT Risk & Control Officer at Spendesk, you will play a key role in the second‑line control framework, helping ensure that risks are identified, assessed, monitored, and addressed effectively across the organisation. Reporting to the Head of Security, your scope of activity will focus on cyber controls related to security governance as well as the availability, confidentiality and integrity of Spendesk group information systems and data, particularly in the context of security certifications and regulatory obligations. You will work closely with the other Permanent Control Officers in the Risk & Compliance team to cover the scope of permanent control activities across the business. You will contribute to the execution of second‑level controls, the monitoring of remediation plans, and the continuous improvement of the company’s control environment. This is a highly cross‑functional role that requires strong analytical skills, sound judgement, and the ability to navigate a dynamic and regulated fintech environment.

What You’ll Be Doing

  • Perform second‑level controls in accordance with the control plan, ensuring their rigorous execution, clear documentation, and appropriate follow‑up.
  • Coordinate and monitor action plans arising from control findings, incidents, or identified weaknesses, in collaboration with the relevant business teams.
  • Prepare clear and concise reports on control activities, findings, the progress of corrective actions, and key risk topics for internal stakeholders, and participate in risk review committees.
  • Contribute to the design, review, and continuous improvement of the ongoing control plan's cybersecurity aspects, in conjunction with the Risk and Compliance department.
  • Participate in the management of Spendesk Group security certifications (ISO27001, SOC2, PCI‑DSS…).
  • Support the promotion of a risk‑based approach within the company by contributing to employee awareness and encouraging best practices in risk management and control.

What We’re Looking For

  • At least 3 years of experience in a similar role in permanent control, internal control, risk management or audit.
  • Previous experience within a financial institution, regulated fintech, payment institution, or e‑money institution is required.
  • Knowledge of security frameworks such as ISO27001, SOC2, PCI‑DSS, DORA…
  • Good understanding of fintech business models and their regulatory environment.
  • Strong analytical and synthesis skills, with the ability to identify key issues, assess risks, and formulate practical recommendations.
  • Excellent writing and communication skills, with the ability to present findings clearly and interact effectively with a wide range of stakeholders.
  • Strong interpersonal skills, with the ability to build constructive relationships across teams and functions.
  • A rigorous, organised, and proactive mindset, with strong attention to detail and a collaborative approach.

As we are an international team, please submit your application and CV in English.

Company
Spendesk
Publishing platform
WHATJOBS