Lead Cybersecurity GRC Analyst

ABOUT REPAY
REPAY (“Realtime Electronic Payments” / NASDAQ TICKER: RPAY) is an established and fast-growing publicly traded financial technology and payment processing company headquartered in Atlanta, Georgia, with offices across the country. REPAY enables its customers to accept payments anytime, anywhere, and through any channel while providing a secure, seamless, and enjoyable payment experience for the end consumers. REPAY offers a comprehensive suite of electronic payment and funding solutions, including debit and credit card processing, ACH processing, Instant Funding, and electronic bill payment systems with full IVR, text, and mobile capabilities. The scalability of its products allows merchants of all sizes to add an instant arsenal of intelligent payment technology solutions to their businesses without significant development costs or infrastructure investments.

ABOUT THE ROLE

We are seeking a proactive and detail-oriented Senior Cybersecurity Analyst with expertise in Governance, Risk, and Compliance (GRC) and a strong emphasis on Risk Management. The ideal candidate will have extensive experience in cybersecurity and risk management frameworks, third-party risk management, and security compliance. Reporting directly to the Chief Information Security Officer (CISO), this position plays a key role in managing vendor and technology risks within the company.

RESPONSIBILITIES

Risk Management:

• Design and implement comprehensive risk management strategies, including robust third-party and fourth-party risk management programs.
• Conduct vendor risk assessments during onboarding, monitoring, and contract renewals, ensuring alignment with security and compliance standards.
• Identify, evaluate, and mitigate risks associated with information systems, including cutting-edge technologies like generative AI.
• Assess cybersecurity exceptions, document associated risks, and recommend appropriate mitigation measures.
• Monitor and report the effectiveness of risk management initiatives to drive continuous improvement.
• Maintain and enhance the cybersecurity risk register to support prioritization and informed decision-making.
• Collaborate with cross-functional teams to embed risk management principles into business and technical decision-making processes.

Governance and Compliance:

• Partner with stakeholders to design, document, and enforce security policies, standards, and controls.
• Align the organization’s security practices with frameworks such as NIST CSF, NIST SP800-53, PCI-DSS, and SOC 2.
• Support internal and external audits, including PCI-DSS, SOC 2, HIPAA, and SOX, ensuring successful outcomes with minimal disruption.
• Create and present risk reports and dashboards to senior management, delivering actionable insights into organizational risk posture and compliance.
• Work closely with the corporate compliance team to handle cybersecurity questionnaires from clients.
• Improve and automate the process of handling client questionnaires related to cybersecurity.
• Act as a subject matter expert during client and regulatory discussions, providing expertise on GRC and risk management topics.
• Collaborate with platform owners and stakeholders to implement controls and security best practices.

REQUIREMENTS:

Required Qualifications:

• Bachelor’s degree in computer science, Information Systems, or related field.
• Cybersecurity certifications (e.g., CISSP, CISM, CISA) are a plus.
• 6+ years of experience in GRC or Risk Management roles, including third-party risk management, preferably within technology organizations in financial services or related industries.
• Hands-on experience managing security compliance and risk assessment programs across on-premises and cloud environments.
• Experience managing projects, including timelines, resources, and stakeholder coordination.

Technical Skills:

• Strong understanding of SOX, AICPA SOC 1 and SOC 2, PCI-DSS compliance, and cybersecurity frameworks such as NIST CSF and NIST SP800-53.
• Proficiency with GRC tools such as Hyperproof, Archer, ServiceNow, Venminder or similar platforms.
• Strong understanding of software development practices and cloud environments to build credibility with technical teams.
• Advanced expertise in Microsoft Excel and other office tools.
• Exceptional presentation and communication skills.
• Familiarity with reporting tools such as PowerBI or Sisense is a plus.
• Proficiency in risk identification within technology solution architecture and design.
• Ability to create and present actionable risk reports and dashboards for senior leadership.

Soft Skills:

• Demonstrated ability to drive cross-team collaboration and deliver impactful change.
• Self-motivated and focused on continuous improvement, bringing solutions and taking ownership of outcomes.
• Capable of operating independently and creating or adapting processes to meet organizational needs.
• Pragmatic approach, considering broader business contexts and competing priorities.
• Analytical thinker with the ability to assess problems, identify root causes, and recommend effective solutions.
• Collaborative mindset with the ability to work effectively across diverse teams such as Engineering, IT Operations, Security, and Compliance.

Location:

• Atlanta, GA preferred; remote candidates will also be considered.

WHY JOIN REPAY.… BECAUSE CULTURE IS EVERYTHING

GROWTH & PEOPLE-CENTERED LEADERSHIP
As the industry-leading financial technology provider in the Consumer Finance and Business to Business spaces, we continue to set the standard for application development and delivery. In 2019, REPAY became a public company listed on the Nasdaq Stock Market (RPAY). For the past three consecutive years, we have placed on the ACG® Atlanta Georgia Fast 40, a list recognizing the top 40 fastest-growing middle-market companies in Georgia. REPAY’s leadership empowers each team member to make a difference and stretch to their fullest potential. Our dedication to frequent, transparent communication is shown with companywide meetings where our leaders share company vision and encourage employees to ask questions. 

FUN WORK ENVIRONMENT & GREAT TEAMS
We offer it all: business to casual dress, great snacks & beverages, and open-air collaborative team settings. REPAY has been certified as a Great Place to Work® company for 2017, 2018, 2019, 2020, 2021, and 2022. The REPAY team is fun, smart, collaborative, and truly enjoys working together. Making a difference in our local communities – we support several philanthropic initiatives every year to give back to our local communities. We are self-driven, motivated professionals who do not require micro-management to ensure we produce high quality and timely work.

INNOVATION & EDUCATION
We create highly sophisticated payment processing applications and are always pushing the boundaries of what is possible. We are constantly revolutionizing the industry by building on new ideas from clients and employees. We provide the resources necessary to ensure new innovations can develop quickly and with quality. We encourage continuing education, including professional conferences and events.  

PUTTING OUR PEOPLE FIRST
We believe our people are the best, and we care immensely about their success. We offer a comprehensive benefits package which includes 100% coverage of employee healthcare premiums and several free benefits, including life insurance, disability insurance, and work-life balance resources. All benefits go into effect day one. Our employees’ futures are important to us, which is why we have a 401(k)-employer match and and an Employee Stock Purchase Plan. REPAY employees are eligible to participate in our Annual Bonus Program. This bonus award reflects excellent performance of individual contributions and goals achieved during the past year.

REPAY’s core values are Excellence, Passion, Innovation, Respect, and Integrity.

REPAY is an Equal Opportunity Employer and we promote a company culture where diversity, equity and inclusion are central. We are committed to build our teams and grow a company in which employees can succeed, regardless of race, color, national origin, sex, sexual orientation, gender identity or expression, transgender status, pregnancy, religion, age (40 and over), disability, service in the uniformed services, protected veteran status, genetic information, or any other classification protected by federal, state or local law. Celebrating our diverse backgrounds, views and beliefs allows us to embrace what makes us unique and continue to innovate and push the boundaries of what is possible.

We are interested in every qualified candidate who is eligible to work in the United States. This position is not eligible for hire in California. Additionally, we are not able to sponsor visas.