Discover your dream Career
For Recruiters

IT Governance, Risk & Compliance (GRC) Specialist, Luxembourg

Stripe Luxembourg
Posted 11 days ago Permanent Competitive

IT Governance, Risk & Compliance (GRC) Specialist, Luxembourg

Stripe Luxembourg
IT Governance, Risk & Compliance (GRC) Specialist, Luxembourg
Who we are
About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies-from the world's largest enterprises to the most ambitious startups-use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team

Bridge Building S.A. (BBSA) is the Luxembourg regulated entity of Bridge, a Stripe company. We operate as an EMI and future CASP in one of Europe's most demanding regulatory environments (CSSF, DORA, MiCA).

BBSA is building a local regulated platform powered by a global-first technology model.
What you'll do

In this context, we're looking for an IT GRC Analyst to act as the bridge between strict European regulations and high-velocity global engineering.

This role is the control and risk right hand of the Bridge Global CISO. While our global teams build the tech, you ensure it is compliant, resilient, and audit-ready. You'll translate requirements like DORA and MiCA into tangible IT controls, oversee third-party risks, and maintain the integrity of our governance framework.

This is not a tick-the-box compliance role. It is an operational position for a professional who understands technology well enough to govern it effectively. You'll have high visibility, owning the frameworks that allow us to scale securely.
Responsibilities

IT governance and risk management • Maintain and evolve the IT Risk Register, ensuring risks are identified, assessed, and treated in line with the company's risk appetite. • Drive the local implementation of the DORA (Digital Operational Resilience Act) framework, including ICT risk management and incident classification. • Bridge the gap between technical reality and policy by drafting, reviewing, and updating IT policies and procedures. • Perform periodic control testing to ensure global engineering practices align with local regulatory requirements. • Act as the primary support to the local Head of IT.

Third-party risk management (TPRM) • Support ICT due diligence and risk assessments of critical vendors and service providers, while assisting with Developer and Customer Oversight. • Monitor service level agreements and performance metrics of critical vendors, challenging performance where necessary. • Act as the primary support to the outsourcing manager regarding technical vendor oversight.

Access governance and control (IAG) • Oversee the identity and access governance strategy, including adherence to Segregation of Duties, principle of least privilege, and others. • Conduct periodic user access reviews for critical systems.

Regulatory compliance and audit readiness • Act as the primary liaison for internal audit regarding IT topics. • Prepare technical inputs and evidence for CSSF notifications and regulatory reporting. • Monitor compliance with GDPR and data privacy controls (e.g., DLP oversight, data residency). • Coordinate business continuity (BCP) and disaster recovery (DR) testing documentation and reporting.

Incident governance • Oversee the IT incident management process to ensure proper classification, reporting, and root cause analysis (RCA). • Ensure major incidents are reported to regulators within mandated timeframes, in collaboration with Compliance.
Who you are
Minimum requirements
  • Bachelor's or Master's degree in Information Systems, Cybersecurity, or Business Administration, with a strong IT focus.
  • 3-6 years of experience in IT audit, IT risk, GRC, or information security. • High professional fluency in English.
Preferred qualifications
  • Experience in a regulated sector (Banking, Fintech, or Insurance).
  • Experience at a large-scale public accounting firm in IT risk advisory.
  • Experience with CSSF circulars, EBA guidelines, or DORA.
  • Strong understanding of ISO 27001, NIST, or COBIT.
  • Understanding of cloud fundamentals (AWS).
Job ID  7587254
More Jobs From Stripe
Stripe
Customer Funds Reconciliation and Safeguarding Specialist, Luxembourg
Stripe
Luxembourg
1 month ago Full time Competitive
Stripe
Fullstack Engineer, Payments and Risk
Stripe
Dublin, Ireland
1 day ago Full time Competitive
Stripe
Staff Full Stack Engineer - Premium Merchant Experiences
Stripe
Dublin, Ireland
4 days ago Full time Competitive
Stripe
Engineering Manager, Payments
Stripe
Singapore
5 days ago Full time Competitive
Stripe
Account Executive, FX and Multi-Currency
Stripe
London, United Kingdom
6 days ago Full time Competitive
Stripe
Manager, TAM (Greater China)
Stripe
Singapore
10 days ago Full time Competitive
Stripe
Enterprise Account Executive (Hunter FSI)
Stripe
Sydney, Australia
10 days ago Full time Competitive
Stripe
Staff Software Engineer - Service Platform
Stripe
Dublin, Ireland
11 days ago Full time Competitive
Stripe
Staff Software Engineer - API Platform
Stripe
Dublin, Ireland
11 days ago Full time Competitive
Stripe
Technical Program Manager
Stripe
London, United Kingdom
12 days ago Full time Competitive

Boost your career

Find thousands of job opportunities by signing up to eFinancialCareers today.
More Jobs Like This