Security GRC Analyst

Juni who?
At Juni, we're busy building the future of banking. We want to help businesses do more with less and get access to the financial tools they need to operate, grow, and win globally. 

How & why we do it
We give our people the same thing we're building for our customers: freedom. Freedom to be 100% yourself. Freedom to explore your potential and what's more – make the most of it. We truly believe we're making the world a better place for online businesses, and we want you to be a part of that mission.

Your role at a glance 
Juni is seeking a Security GRC (Governance, Risk, and Compliance) Analyst to play a crucial role in aligning our information security posture with industry best practices, regulatory requirements, and internal policies. As a Level 2 analyst, you will demonstrate significant independence in your work, taking ownership of maintaining and improving our security governance framework. This role is key to managing risks, ensuring compliance, and fostering a strong security culture across the organisation. You will work closely with various departments to implement, monitor, and enhance our security controls.

Your responsibilities

In this role, you'll:

Governance & Documentation:

• Maintain and update core security documentation, including policies, procedures, and instructions, ensuring they remain current and relevant.
• Identify, collect, and analyse data to track key security performance indicators (KPIs) and metrics, generating reports and dashboards to communicate security performance to stakeholders

Risk Management:

• Maintain the risk register and support daily risk management activities with growing independence.
• Follow up on the remediation of risks identified in new projects, third-party engagements, and other business initiatives.
• Conduct thorough security posture assessments of new vendors and perform periodic reviews of existing ones.
• Support our 3rd party procurement process.

Compliance & Controls:

• Monitor the implementation and effectiveness of security controls across the organisation.
• Coordinate and support activities to maintain key security certifications, including PCI-DSS and ISO 27001.
• Coordinate and support the implementation of remediation plans to address identified compliance gaps.
• Provide support in responding to security-related questions during partner due diligence and assist in providing necessary information for cyber insurance renewals.
• Coordinate and support internal audits by providing requested information and addressing audit findings.

Collaboration & Business Acumen:

• Develop and implement tailored security training and awareness programs for different roles, complementing existing initiatives.
• Contribute to the development and implementation of the Digital Operational Resilience Strategy.
• Understand the business context behind the team's work and make decisions aligned with overall team and company objectives.

Tooling

• Slack
• G-suite
  
• Formalize
• Linear
• Vanta

Qualifications

• 2 to 4 years of experience in information security governance, risk, or compliance roles.
• Demonstrated experience with compliance frameworks and regulations (e.g., PCI DSS, ISO 27001, GDPR, PSD2, EBA outsourcing and DORA).
• Knowledge of security frameworks (e.g., CIS Controls, NIST CSF).
• Solid understanding of risk assessment methodologies and hands-on experience with risk registers and third-party risk management.
• Experience in coordinating activities for security certifications and audits.
• Ability to develop and track security metrics (KPIs).
• Strong analytical, problem-solving, and organisational skills.
• Excellent communication skills, comfortable presenting to various stakeholders.
• A proactive and independent worker who is also a strong team player.
• Experience in the financial services or fintech industry is a plus.

Your people
Our team is as ambitious as our amazing customers. We aim high and we move with speed to make our vision a reality. We care deeply about building a better future for our customers and each other. Here, you can work with people at the top of their game and who didn't get there by playing games. You can help us create a whole new category in financial services.

Your benefits

We're freedom-first. Transparent. Caring. Empowering. So our benefits are too.

• We work hybrid. We'll see you in one of our offices in Stockholm or Gothenburg at least two days per week.
• Swap 2D for 3D. Meet all Junis IRL at the company onsite each year.
• Diversity is at our core. We're part Swedish. Part Canadian. Part French. Part Indian. Part Italian. Part British. Part Portuguese. You get the idea.
• Great players can stay great players. Progress your career whether you choose to manage people or not.
• Stock options. We can't promise you'll make a fortune. But we'll give it our very best shot.
• Vacation. 30 days. 
• Private Health insurance. You know. Just in case
  
• Beautiful offices in central Gothenburg and Stockholm, front row sea view

Additional information 

• Please note that we are unable to sponsor work visas at this time. Therefore, having a valid work permit for Sweden is a requirement for this role.
• Dear recruitment agencies: we love your enthusiasm, but no calls, emails, or carrier pigeons, please. We're keeping this one in-house