Tech Stack

Description

As an IT GRC Analyst at Stripe's Luxembourg regulated entity (BBSA), you will act as the bridge between European regulations (DORA, MiCA) and our global engineering teams. You'll maintain IT risk registers, drive DORA compliance, manage third-party risks, oversee access governance, and ensure audit readiness—all while enabling secure, compliant, and resilient technology operations.

Requirements

• Bachelor's or Master's in Information Systems, Cybersecurity, or Business Administration with IT focus
• 3-6 years experience in IT Audit, IT Risk, GRC, or Information Security
• Experience in regulated sector (banking, fintech, insurance) or Big 4 IT Risk advisory preferred
• Strong understanding of ISO 27001, NIST, or COBIT
• Tech literacy: understand cloud fundamentals (AWS), SaaS models, modern infrastructure

Responsibilities

• Maintain and evolve IT Risk Register, identifying and treating risks
• Drive local DORA implementation including ICT risk management and incident classification
• Draft, review, and update IT policies and procedures
• Support third-party risk management: ICT due diligence and vendor oversight
• Oversee Identity Access Governance, perform User Access Reviews and Segregation of Duties