About The Role
We are looking for a Senior Governance, Risk, and Compliance (GRC) professional to lead and strengthen our compliance and risk management program across multiple frameworks, entities, and geographies. The ideal candidate will have strong hands-on experience with SOC 2, ISO 27001, PCI DSS, and modern compliance automation platforms such as Sprinto, with the ability to build and operate a hybrid unified GRC framework for multi-geographical entities.
What You'll Do
- Lead the design, implementation, and continuous improvement of the organization's Governance, Risk, and Compliance program.
- Manage compliance initiatives across key frameworks including SOC 2, ISO 27001, PCI DSS, and other applicable standards or regulations.
- Build and maintain a hybrid unified GRC framework that enables a common control structure across multiple legal entities, business units, and geographical regions.
- Align global baseline controls with local regulatory, legal, privacy, and operational requirements.
- Perform risk assessments, compliance gap assessments, control reviews, and remediation tracking.
- Develop, maintain, and improve policies, standards, procedures, and control documentation.
- Own audit readiness activities including evidence collection, control walkthroughs, auditor coordination, and remediation follow-up.
- Drive cross-framework control mapping to reduce duplication and improve audit efficiency across multiple compliance programs.
- Work closely with Engineering, Information Technology, Security, Legal, Privacy, Human Resources, and business teams to embed compliance requirements into operations.
- Manage third-party risk assessments, vendor due diligence, and ongoing compliance reviews for critical suppliers.
- Define and monitor Governance, Risk, and Compliance metrics, compliance status reporting, and executive dashboards.
- Support security awareness, policy governance, exception management, and ongoing program maturity improvements.
- Track regulatory and framework changes and assess their impact across all relevant entities and regions.
What You'll Need
- 5+ years of experience in Governance, Risk, and Compliance, Information Security, Audit, or a related field.
- Strong practical experience with SOC 2, ISO 27001, and PCI DSS including implementation, control mapping, readiness assessments, evidence collection, and audit support.
- Proven experience working with compliance automation / GRC platforms such as Sprinto, Drata, Vanta, or similar tools.
- Experience building or managing a unified control framework that maps multiple standards into a centralized and scalable compliance model.
- Experience supporting multi-entity and multi-geographical compliance programs with both centralized governance and localized compliance requirements.
- Strong understanding of risk management, control design, issue tracking, remediation planning, and compliance operations.
- Experience writing and maintaining policies, standards, procedures, and governance documentation.
- Good understanding of third-party risk management, supplier due diligence, and control assurance processes.
- Strong knowledge of core security and compliance domains such as access control, asset management, vulnerability management, incident management, change management, and business continuity.
- Experience working with auditors, control owners, leadership teams, and cross-functional stakeholders.
- Strong communication, organization, and documentation skills.
- Experience in regulated industries such as fintech, payments, healthcare, Software as a Service, or cloud environments.
- Familiarity with cloud compliance and shared responsibility models across Amazon Web Services, Microsoft Azure, or Google Cloud Platform.
- Relevant certifications such as Certified Information Systems Auditor, Certified in Risk and Information Systems Control, Certified Information Systems Security Professional, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, or PCI Professional are a plus.
Who Are We?
Thndr was founded on a bold dream to democratize access to investing through smart tech and human-centric design. This is simply our way of saying we give anyone with a smartphone the simple and easy access they need to preserve and grow their wealth. At the same time, we're shaping the future of investing while actively driving the economies we serve by promoting local investment products.
History has shown that investing is the single greatest way to build long-term wealth, but before Thndr, only a very small percentage of people had access to it due to:
- High barriers to entry: in the form of excessive minimum account balances, complex, outdated onboarding, and low financial literacy.
- Irrelevant experience: catered toward expert traders and financial specialists, therefore alienating the majority of the population.
- Fragmented offering: investment products were not gathered in a single, intuitive outlet.
We don't just talk about change, we deliver it. Here's a glimpse into our impact so far:
- 3 million app downloads
- $8.8bn in annualized traded value
- #1 platform in terms of traded value
- 84% of our users are investing for the first time
- 65% of our users come from outside of capital cities and have previously had limited access to financial institutions
Building on the success of our core platform, we are continuing to change culture and break down barriers by launching Rumble, the subscription-based investment recommendations platform.
Rumble was born with the vision to empower everyday individuals to build wealth confidently and intelligently through access to timely and in-depth advice from the industry's top experts.
Going beyond traditional investment advice, it offers long and short-term investment recommendations and financial content through engaging articles and videos that guide users on their financial journey and maximize their returns.
At Thndr, we're looking for people driven by our mission to help us democratize investing across the MENA region.