IT Governance and Risk Analyst
About Zepz
Zepz is the group powering two leading global remittance brands: WorldRemit and Sendwave. Since 2010, we have been disrupting an industry previously dominated by offline legacy players with our relentless focus on reducing the cost of remittances and increasing safety and convenience for our users. Every day, our people work to unlock the prosperity of cross-border communities through finance and technology - driven by our vision of a world that celebrates migrants’ impact on prosperity, at home and abroad.
Our brands helped cross-border communities send over $15bn from 50 countries to recipients in 130 countries in 2022. We operate over 5,000 money transfer corridors worldwide and employ over 1,000 people globally. Zepz is a remote-first employer, with team members located across six continents.
Our vision is to create a world that celebrates migrants’ impact on prosperity, at home and abroad. Our purpose is to unlock the prosperity of cross-border communities through finance and technology.
Our Commitments:
- We act like owners - We are relentlessly delivering for our users and spending money thoughtfully.
- We embrace embarrassing honesty - We function best when we're open and honest with one another — especially about our challenges and doubts.
- We have a bias to action - We get to first outcomes quickly, iterate and learn.
- We strive to be better - We may make mistakes, but always learn from them.
- We are inclusive - to better reflect and serve our users.
About the role:
The Zepz IT Governance, Risk, and Compliance (GRC) Analyst develops and maintains GRC policies and procedures. The GRC Analyst serves as a critical resource for staff and leaders regarding information technology policy implementation, interpretation, and compliance. The GRC Analyst assesses and prioritises information technology and risk across the organization, facilitates compliance with regulatory requirements, and develops and reports on information technology metrics.
What you will own:
The GRC Analyst is responsible for identifying, analysing and helping to implement governance in the operating environment.
- Act as risk and compliance champion for the Product and Engineering team.
- Conduct research and advise leadership on any compliance changes that need to be implemented in the environment.
- Establishing and maintaining governance and compliance standards.
- Creating, maintaining, communicating, and enforcing compliance policies.
- The GRC Analyst independently executes high-quality, enterprise-class solutions consistent with regulations and established frameworks.
- The Analyst works with employees, and leaders across Zepz and our partners and affiliates.
- Works with 2LOD to ensure Risks are identified, recorded and managed to resolution via the Protect system.
- Extract risk reports and highlight any improvements to the IT GRC Manager and/or the domain leadership.
Responsibilities:
- Audits and Assessments
- Review Regulator and External audit questionnaires and pre-populate as required.
- Work with domain owners and other stakeholders within Zepz to identify, populate and/or upload evidence.
- Guide domain owners on policy and procedure changes that impact a specific area of the business.
- Help write policies and procedures where required for areas of Product and Engineering.
- Liaise with third parties (external auditors) on requirements and scope clarity.
- Policy Management and Workforce Training and Awareness
- Facilitates eDiscovery and collection of data to support investigations of possible information technology or policy violations.
- Analyses incidents in collaboration with other stakeholders.
- Coordinates remediation and awareness training.
- Researches, recommends, and contributes to policies, standards, and procedures.
- Assists with the lifecycle management of information security policies and supporting documents.
- Works with other organisational participants to implement policies across product and engineering.
- Conduct Risk management training as and when required.
What you bring to the table:
- Preferred 5+ years of progressively responsible experience in addressing risk and compliance with regulatory requirements (ITGC, ISAE, ISO).
- Licenses & Certifications: Advanced certifications such as COBIT 5, ITIL 3, NIST or ISO 27001/2.
- TOGAF 9 would be an advantage.
- Risk-related certification.
What we offer you:
Please note that the benefits below will apply to Full-time roles.
We have five core benefits for our talent in the US, UK, Philippines, Poland, and South Africa. If you're not in one of those regions, don’t worry - the Talent team can let you know what is available for you specifically:
- Unlimited Annual Leave: Most Zepz team members are eligible for unlimited annual leave. Colleagues in customer-facing roles receive a competitive holiday allowance and four recharge days a year. Feel free to make the most of your time off and maintain a healthy work-life balance!
- Private Medical Cover: You can opt-in to a Private Medical Insurance scheme. This provides you with access to thorough medical coverage, so you can feel confident in your health and well-being.
- Retirement: We offer pension schemes to help you plan for and secure your future.
- Life Assurance: Life assurance is available to give you peace of mind and protect your loved ones in case of the unexpected.
- Parental Leave: We offer competitive parental leave schemes to ensure you are spending as much quality time with your new bundle of joy as possible.
We are also remote-first as an organisation, offering flexibility for you to work where you need to be most productive. In many locations, we have workspaces, which you can use as you desire. Most roles in the Philippines are predominantly office-based, and we offer free meals for those who are 100% on-site.
In addition to the above, you will discover that we have a range of secondary perks (such as the cycle-to-work scheme and employee discounts) depending on your location, to help you thrive at Zepz!
Why choose Zepz?
- Our team of over 1,000 employees is fully distributed across the world. We work from coffee shops, homes, and co-working spaces, making us one of the larger fully distributed growth-stage startups in the world. We also offer workspaces in our talent cluster locations: spaces where we can meet, collaborate and connect.
- We are proud parents, community organizers, farmers, band members, yoga teachers, YouTube influencers, former Olympians, and serial entrepreneurs.
- We collectively speak over twenty languages, including Akuapem, Amharic, Bengali, Ewe, Fante, Ga, Igbo, Kalenjin, Luganda, Oromo, Somali, Swahili, Wolof, Bulgarian, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Irish, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish and Swedish.
- At Zepz, embodying our commitments binds us together. We are collectively passionate about striving to achieve our vision and purpose - to continue to provide the best service to our users.
Ready to Apply?
Applications will be reviewed on a rolling basis. If interested, please submit your resume along with a cover letter (optional), highlighting why your experience demonstrates you meet the requirements of the role. Please also indicate the countries in which you have work authorization.
Confidence can sometimes hold us back from applying for a job. But we'll let you in on a secret: there's no such thing as a 'perfect' candidate. Zepz is a place where everyone can thrive.
So however you identify and whatever background you bring with you, and if at all you might need any form of support to make the process as comfortable as possible, please let us know and give us a shot by applying. We want you to be excited to wake up to make an impact every day.