Job description:
Get to know us
Do you want to help us shape what the future of work will look like and how it will best embrace our life's aspirations? If this sounds like a journey you want to embark on, we may have the right role for you! PayFit is an intuitive software as a service payroll and HRIS solution designed specifically for SMBs. Since 2015, we have set ourselves a mission to simplify payroll for SMBs and enable employers and employees to grow together. We are a European company operating from 3 main countries (France, Spain, and the UK) where we are supporting over 20,000 clients.
Creating a fulfilling work environment and culture is also a core mission at PayFit, and our day-to-day work philosophy is reflected in our four values:
Care: We genuinely care for others whoever they are, whatever they think.
Excellence: We aim to improve and achieve better results every day.
Humility: Staying humble and exchanging transparent feedback helps us to grow and improve.
Passion: We are the architects of PayFit's success.
A key part of our culture, and essential for our success, is also improving the diversity of our teams and building an inclusive culture where you can be yourself at work.
This is why our recruitment focuses on the skills you demonstrate, and not only on your academic background or previous professional experiences. At PayFit we understand that you can gain applicable skills through a variety of life experiences and we are interested in knowing them, too.
Location:
You can work at this role from any location in France, with occasional visits to the Paris office.
Position Overview:
We're looking for a Security Compliance Analyst to join our Security team and help us scale compliance operations as we grow across Europe.
You'll work closely with the Security Manager and another analyst to maintain our Information Security Management System (ISMS), support regulatory compliance initiatives (ISO 27001, DORA, NIS2, GDPR), and build processes that make compliance efficient - not bureaucratic.
This is a hands-on role where you'll contribute to audits, risk assessments, vendor reviews, and security monitoring while collaborating with Engineering, Legal, HR, and IT teams.
Your mission
Maintain and improve our ISMS
Keep our ISO 27001-certified ISMS operational, up-to-date, and audit-ready. Track compliance KPIs, identify gaps, propose improvements, and drive remediation plans.
Support regulatory compliance
Contribute to DORA, NIS2, and GDPR compliance initiatives. Prepare documentation, evidence, and responses for internal and external audits. Monitor regulatory changes and assess impact.
Manage third-party risk
Conduct security reviews of SaaS/cloud vendors and third parties. Track vendor risk registers and follow up on remediation actions. Support procurement and legal teams with security requirements.
Strengthen security operations
Participate in security incident follow-up and post-mortem analysis. Contribute to access reviews, IAM controls, and monitoring activities. Support security awareness programs across teams.
Automate and optimize
Help automate compliance workflows using tools like Vanta, Jira, and scripts. Maintain and improve security documentation, policies, and procedures. Reduce manual work by identifying repetitive tasks.
Must-have
* 2-5 years of experience in cybersecurity, IT compliance, GRC, or security operations
* Solid knowledge of ISO 27001 and experience working with ISMS frameworks
* Understanding of regulatory requirements: GDPR, DORA, NIS2, or similar compliance standards
* Experience with audit processes: preparing evidence, responding to findings, tracking remediation
* Risk management foundations: able to assess risks, prioritize controls, and track mitigation plans
* Cloud & SaaS security awareness: understanding of IAM, SSO, RBAC, and how SaaS tools introduce risk
* Cross-functional collaboration skills: able to work with technical and non-technical teams
* Autonomy and organization: able to manage multiple priorities and deliver on time
* Professional English: written and spoken
Nice to have
* Experience with compliance automation tools (Vanta, Drata, or similar)
* Familiarity with identity and access management tools (Okta, Google Workspace)
* Exposure to SIEM, monitoring tools, or SOC operations (Datadog, Splunk, etc.)
* Previous work in a fast-paced SaaS or fintech environment
* ISO 27001 Lead Implementer or Lead Auditor certification
Why join PayFit
* Real impact: Your work directly affects how we protect customer data and scale securely
* Pragmatic compliance: We care about security outcomes, not just checkbox compliance
* Modern tools: We use tools like Vanta, Okta, AWS, Datadog, GitHub, Jira
* Autonomy: You'll own projects end-to-end, not just execute tasks
* Learning: Exposure to multiple compliance frameworks, cross-border regulations, and a fast-evolving threat landscape
What we offer
Flexibility: We believe it is key to producing your best work and being fulfilled. We therefore offer the possibility to work away from our main offices, within France, as well as abroad for a defined period. Further requirements may apply depending on the role and your overall experience.
Learning & Development: At PayFit, we offer a comprehensive learning platform that enables you to acquire new skills daily, supported by our company. We also have English language courses to improve your business communication vocabulary and get to the next level.
Career Development: We want you to progress and be free to choose which direction you want to grow. There are also opportunities for internal moves.
Health insurance: Henner Mutuelle Insurance (60% covered by PayFit, free coverage for children
Transportation: 50% of public transportation costs are covered by PayFit for those living within the Ile de France region, or assistance with sustainable mobility (a bicycle rental subscription, purchase of soft mobility equipment to get to work, etc.).
Meals: A restaurant card with our partner Swile (9EUR per workday) covered at 60% by PayFit
A Work Council grant: A monthly allowance to be spent on culture, sports, personal services, etc., as well as a vacation bonus.
Home office budget: A contribution in EUR per year to help you get set up in the best conditions. A MacBook is our standard working tool
Parental support program: Salary maintenance during the first month of additional parental leave.
Time off: 25 days of holidays + RTT days (depending on the contract).
Disability Inclusion: All of our positions are open to any person living with a disability. To guarantee equal treatment and opportunities, we will take, based on individual needs, appropriate measures to adapt the work conditions of PayFiters with disabilities, and if needed also during the recruitment process. Please let us know what you need and we will do our best to accommodate
| Source: | Company website |
| Published: | 12 May 2026 |
| Offer type: | Employment |
| Sector: | Internet / New Media |
| Languages: | English |