Sr. GRC Analyst

Your role in our mission

Prosper is seeking a detail-oriented, highly motivated, and automation-focused security compliance professional to support, promote, and further mature the company's Governance, Risk, and Compliance program. In this position, you will blend standard GRC practices (PCI DSS, NIST, SOC 1/2) with a technical mindset, leveraging GRC platforms, scripting and AI tools to automate manual compliance workflows, audit trails, and data gathering.

You will use your strong analytical and technical skills to identify security gaps and build efficient, scalable processes. We are looking for self-driven candidates who want to be part of an innovative FinTech company with a mission to improve the financial well-being of its customers.

• Automated Compliance Monitoring: Review, audit, and monitor security compliance programs against frameworks like PCI-DSS, NIST CSFv2, and SOC 1/2, leveraging automation tools to continuously assess control health.
• Process Optimization & AI Integration: Identify opportunities to leverage AI tools and LLMs to accelerate risk assessments, summarize complex regulatory requirements, and streamline process improvements.
• Code-Assisted Evidence Collection: Lead and automate evidence collection for external audits (SOC 1, PCI Level 1), reducing manual overhead for engineering and product teams.
• Identity & Access Management (IAM): Oversee user access management and quarterly user access reviews, exploring ways to automate provisioning audits and detect anomalies.
• Cross-Functional Collaboration: Build and cultivate positive working relationships with engineering, DevOps, and product stakeholders to bake compliance directly into the CI/CD pipeline and cloud infrastructure.

• Education: B.S. degree in Computer Science, Information Systems, Cyber Security, or a related technical field.
• Experience: 5–7 years of GRC or Security Engineering experience, ideally within a SaaS, FinTech, or Cloud-native company.
• Solid understanding of Cloud Security compliance (AWS/Azure/GCP).
• Technical & Scripting Skills: Hands-on working experience with command line and scripting languages (Python, Bash,
• Powershell, etc) to parse logs, query APIs, and automate repetitive GRC tasks.
• AI Savvy: Familiarity with utilizing AI productivity tools, prompt engineering, or LLMs to optimize documentation, drafting, or data analysis.
• Framework Fluency: Experience with security standards/frameworks such as PCI-DSS, NIST (800-53/CSF), and SOC 1/2 Type II.
• Soft Skills: Strong ability to clearly articulate technical risk to non-technical stakeholders and strategically collaborate cross-functionally.
• Certifications: CISSP, CISA, CISM, CCSP, or similar security certifications are a plus.

#LI-RC1

#LI-remote