Overview
PagoNxt is looking for a GRC Analyst, based in our Boadilla del Monte (Madrid) office. We embrace a strong risk culture and expect all professionals to take a proactive and responsible approach toward risk management. This position is for the Payments Hub team. PagoNxt is a world-leading payment solution provider for merchants, international corporates and SMEs. Part of the Santander Group, PagoNxt is an autonomous company delivering fast solutions to the payments market. This is a unique opportunity to work for a company that combines the best of both worlds:
innovative technology of a FinTech with the reach and expertise of a leading global financial institution.
What you will be doing
We are looking for a GRC Analyst to join the team within our technology and security ecosystem. This team plays a crucial role in overseeing the implementation and evolution of cybersecurity controls. We collaborate actively with PagoNxt business and technology units to coordinate key initiatives that support resilience, regulatory compliance, and risk mitigation. As part of a rapidly growing and cloud-native environment supporting one of the world\ 's largest payment platforms,you will have the opportunity to work at the intersection of cybersecurity, operations, and compliance, driving impact at global scale.
Responsibilities
* Define and monitor the implementation of cybersecurity control frameworks aligned with industry standards and risk posture.
* Identify and track findings, risks, and improvement opportunities across the cybersecurity control landscape.
* Monitor and analyze cybersecurity incidents and breaches, supporting mitigation and remediation follow-ups.
* Contribute to the evaluation of the effectiveness of global cybersecurity controls, policies, and procedures.
* Work closely with both technical and business teams to ensure alignment with security governance requirements.
* Support audits, control testing, and regulatory reporting activities across multiple jurisdictions.
What you’ll bring
We\ 're looking for someone who\'s passionate about technology and cybersecurity, and eager to grow both technically and in communication skills. You will play a key role in ensuring our products align with the diverse regulatory frameworks our clients face—transforming compliance challenges into opportunities for excellence and innovation. To thrive in this role, you must collaborate actively and directly with teams across the organization in a fast-paced and agile environment. This requires a genuine interest in understanding both the product and the underlying technology. Curiosity, initiative, and the ability to bridge security, compliance, and engineering will be essential to your success.
Must-have
* Team-oriented and collaborative mindset.
* Knowledge of cybersecurity auditing practices (internal or external).
* Understanding of regulatory control models, especially SOX, SOC.
* Familiarity with cybersecurity hardening, cloud configurations, and access management principles.
* Strong ability to collaborate across diverse teams and communicate effectively.
* Fluent in English, both written and spoken.
Nice-to-have
* Experience conducting or supporting SOC audits.
* Experience in evaluating and designing security control frameworks.
* Formal cybersecurity training or certifications (e.G., ISO 27001, CISSP, CISA, CISM).
* Exposure to infrastructure environments (AWS, Kubernetes, etc.) is a plus.
Seniority level
* Entry level
Employment type
* Full-time
Job function
* Business Development and Sales
Industries
* Technology, Information and Internet
Madrid, Community of Madrid, Spain
#J-18808-Ljbffr