Information Security Governance, Risk & Compliance Analyst - BVNK Sofia, Sofia City, Bulgaria

Listing Description

About us:


BVNK provides modern payments infrastructure for businesses. We unify banks and blockchains in a single platform. With BVNK, businesses can send and receive stablecoin payments, convert between currencies and add stablecoin payments to their checkout. Using our flexible platform, and robust global licensing and compliance expertise, innovators can launch new payments products quickly and compliantly.


We are a diverse team spread across the UK, USA, Europe and Africa. We share the belief that blockchain technology presents a new base layer for global payments, where funds can move as freely as data moves on the internet. 


We're incredibly honoured to have made Newsweek's list of The Top 100 Global Most Loved Workplaces 2 years running (2023 and 2024). 


About this role in the team:


The Information Security Governance, Risk & Compliance (Infosec GRC) Analyst at BVNK plays a pivotal role in fortifying and enhancing our information security and privacy frameworks. This role involves producing regular reports and metrics, and ensuring the timely execution of all established cybersecurity and privacy workflows. The primary objective of this role is to ensure BVNK's compliance with regulatory requirements and our unwavering commitment to protect customer and company data. The GRC Specialist acts as an expert in security governance, security compliance, and privacy matters, effectively harmonising the legal compliance requirements with IT and security workflows, while addressing the practical business needs of the company.


Key Areas of Responsibilities:



  • Maintains, updates and follows established security and privacy workflows and processes, identifying opportunities for improvement.

  • Owns the operational parts of the business continuity, operational resilience and disaster recovery processes, setting up necessary exercises, meetings and updating the documentation.

  • Collects the data necessary for the security monthly and quarterly reports, ensuring data is accurate and up to date, monitoring the ongoing performance.

  • Combines the processes to ensure consistent compliance with the Digital Operational Resilience Act (DORA), UK operational resilience requirements and other applicable legislation.

  • Develops, updates, and maintains operational resilience, data protection and privacy policies and procedures in alignment with laws, regulations, and industry standards.

  • Conducts Data Impact Assessments (DIAs) to ensure data protection and compliance. Develops and maintains the Data Inventory Map.

  • Collaborates with other teams to ensure that Privacy is considered at all stages of product development and the controls are efficiently implemented in compliance with GDPR and other frameworks.

  • Implements the process for handling Data Subject Access Requests (DSAR) and follows it.

  • Tailors the security awareness curriculum and reviews compliance with it, identifying opportunities for improvement.

  • Leads data mapping exercises to identify and categorise data flows within the organisation.

  • Monitors advancements in information security compliance and privacy laws and best practices to ensure organisational adaptation and compliance.

  • Determines whether a security or data incident violates privacy principles requiring legal action.

  • Works collaboratively across departments and business units to implement the organisation’s privacy and operational resilience principles and programs.

  • Develops or procures privacy or operational resilience-focused training curriculum tailored for internal stakeholders.

  • Follows up until the successful remediation of issues identified through internal or external audits, gap analysis, or tests.


What we need from you:



  • Ability to develop clear policies, plans, and strategy in compliance with data protection laws and standards.

  • Proven expertise in conducting at least one of the following: Data Impact Assessments, compliance gap analysis, Business Impact Analysis.

  • Ability to map and categorise data flows effectively.

  • Knowledge of current data protection laws, regulations, policies, and ethics.

  • Ability to tailor privacy and data protection information to diverse audience levels.

  • Skill in creating policies that reflect the business’s core privacy objectives.

  • Exceptional communication skills for all management levels, especially in conveying privacy principles and requirements.


Qualifications & Experience:



  • Bachelor's degree in a related field (Compliance, Audit, or Information Security) or equivalent work experience.

  • 1-3 years of professional experience in a role like Privacy Analyst, Data Protection Analyst, IT Auditor, Legal Assistant, IT GRC Analyst, or similar position.

  • Demonstrated expertise in privacy and security laws and regulations, specifically GDPR, US Data Privacy, DORA, UK Operational Resilience.

  • Experience with Vanta will be considered an advantage.

  • Strong analytical and problem-solving skills.

  • Ability to work autonomously and collaboratively in a dynamic environment.

  • Privacy related certifications like CIPP, CIPM, CDPSE or others will be considered a plus.

  • Knowledge or experience with ISO 27001 implementation and maintenance will be considered a strong advantage.


What you can expect from us:



  • Fair and competitive salary at every stage of your growth

  • Meaningful ownership in the business through our employee option scheme

  • Flexible working hours, with hybrid working at its heart

  • A culture built on passionate growth minded people

  • A flexible approach to holiday

  • Opportunities to travel to our offices around the world, in locations such as London and Cape Town, to collaborate with your colleagues 

  • An open and creative environment where you can help us define the future of BVNK, its culture, and its opportunity sets


At BVNK, we are focused on building a diverse and inclusive team. While you may not meet all of our requirements, we’d encourage you to apply if you meet the majority of our expectations. You may be a great fit for this role or another role in our team.

