PagoNxt is looking for a GRC Analyst, based in our Boadilla del Monte (Madrid) office.
We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.
WHY YOU SHOULD CONSIDER THIS OPPORTUNITY
PagoNxt is a world-leading payment solution provider for merchants, international corporates and SME's. Part of the Santander Group, boasting over 160 years of banking experience and 155 million customers worldwide, PagoNxt is an autonomous company, the Group's FinTech delivering fast solutions to the payments market.
This position is for the Payments Hub team. We are currently extending our cloud native payments processing platform to Santander banks and other financial institutions, with the aim of providing a single access to most domestic and international payment methods at global scale.
If you would like to join a global community of world-class payment experts, this is the place for you! This is a unique opportunity to work for a company that combines the best of both worlds: innovative technology of a FinTech with the reach and expertise of a leading global financial institution.
WHAT YOU WILL BE DOING
We are looking for a GRC Analyst to join team within our technology and security ecosystem.
This team plays a crucial role in overseeing the implementation and evolution of cybersecurity controls. We collaborate actively with PagoNxt business and technology units to coordinate key initiatives that support resilience, regulatory compliance, and risk mitigation.
As part of a rapidly growing and cloud-native environment supporting one of the world's largest payment platforms, you will have the opportunity to work at the intersection of cybersecurity, operations, and compliance, driving impact at global scale.
Your Key Responsibilities
- Define and monitor the implementation of cybersecurity control frameworks aligned with industry standards and risk posture.
- Identify and track findings, risks, and improvement opportunities across the cybersecurity control landscape.
- Monitor and analyze cybersecurity incidents and breaches, supporting mitigation and remediation follow-ups.
- Contribute to the evaluation of the effectiveness of global cybersecurity controls, policies, and procedures.
- Work closely with both technical and business teams to ensure alignment with security governance requirements.
- Support audits, control testing, and regulatory reporting activities across multiple jurisdictions.
What You'll Bring
We're looking for someone who's passionate about technology and cybersecurity, and eager to grow both technically and in communication skills. You will play a key role in ensuring our products align with the diverse regulatory frameworks our clients face—transforming compliance challenges into opportunities for excellence and innovation.
To thrive in this role, you must collaborate actively and directly with teams across the organization in a fast-paced and agile environment. This requires a genuine interest in understanding both the product and the underlying technology. Curiosity, initiative, and the ability to bridge security, compliance, and engineering will be essential to your success.
Must-have:
- Team-oriented and collaborative mindset.
- Knowledge of cybersecurity auditing practices (internal or external).
- Understanding of regulatory control models, especially SOX , SOC
- Familiarity with cybersecurity hardening, cloud configurations, and access management principles.
- Strong ability to collaborate across diverse teams and communicate effectively.
- Fluent in English, both written and spoken.
Nice-to-have:
- Experience conducting or supporting SOC audits.
- Experience in evaluating and designing security control frameworks.
- Formal cybersecurity training or certifications (e.g., ISO 27001, CISSP, CISA, CISM).
- Exposure to infrastructure environments (AWS, Kubernetes, etc.) is a plus.