IT Governance, Risk & Compliance (GRC) Analyst, Luxembourg

About the role

Chat with Stripe sales IT Governance, Risk & Compliance (GRC) Analyst, Luxembourg Stripe logo Jobs Our opportunity Life at Stripe Benefits University See open roles Open mobile navigation Jobs Our opportunity Life at Stripe Benefits University See open roles Close mobile navigation Roles at Stripe Role details IT Governance, Risk & Compliance (GRC) Analyst, Luxembourg Secure and Scale a Regulated Fintech Platform at the Heart of Stripe Bridge Building S.A. (BBSA) is the Luxembourg regulated entity of Bridge, a Stripe company. We operate as an EMI and future CASP in one of Europe’s most demanding regulatory environments (CSSF, DORA, MiCA). BBSA is building a local regulated platform powered by a global-first technology model. In this context, we are looking for a sharp IT GRC Analyst to act as the bridge between strict European regulations and high-velocity global engineering. This role is the control and risk right hand of the Luxembourg Head of IT. While our global teams build the tech, you ensure it is compliant, resilient, and audit-ready. You will translate requirements like DORA and MiCA into tangible IT controls, oversee third-party risks, and maintain the integrity of our governance framework. This is not a "tick-the-box" compliance role. It is a operational position for a professional who understands technology well enough to govern it effectively. You will have high visibility, owning the frameworks that allow us to scale securely. Key Responsibilities IT Governance & Risk Management Maintain and evolve the IT Risk Register, ensuring risks are identified, assessed, and treated in line with the company’s risk appetite. Drive the local implementation of the DORA (Digital Operational Resilience Act) framework, including ICT risk management and incident classification. Bridge the gap between technical reality and policy by drafting, reviewing, and updating IT policies and procedures. Perform periodic control testing to ensure global engineering practices align with local regulatory requirements. Act as primary support to the local Head of IT Third-Party Risk Management (TPRM) Support ICT due diligence and risk assessments of critical vendors and service providers, while assisting with Developer / Customer Oversight. Monitor SLAs and KPIs of critical vendors, challenging performance where necessary. Act as the primary support to the Outsourcing Manager regarding technical vendor oversight. Access Governance & Control (IAG) Oversee the Identity & Access Governance strategy, including but not limited to adherence to Segregation of Duties, principle of least privileges and others.. Conduct periodic User Access Reviews for critical systems. Regulatory Compliance & Audit Readiness Act as the primary liaison for Internal Audit regarding IT topics. Prepare technical inputs and evidence for CSSF notifications and regulatory reporting. Monitor compliance with GDPR/Data Privacy controls (e.g., DLP oversight, data residency). Coordinate Business Continuity (BCP) and Disaster Recovery (DR) testing documentation and reporting. Incident Governance Oversee the IT incident management process to ensure proper classification, reporting, and root cause analysis (RCA). Ensure major incidents are reported to regulators within mandated timeframes (in collaboration with Compliance). Candidate Profile Education Bachelor’s or Master’s degree in Information Systems, Cybersecurity, or Business Administration (with a strong IT focus). Experience 3–6 years of experience in IT Audit, IT Risk, GRC, or Information Security. Experience in a regulated sector (Banking, Fintech, Insurance) or Big 4 Audit (IT Risk advisory) is highly preferred. Experience dealing with CSSF circulars, EBA guidelines, or DORA is a strong asset. Core Competencies Framework Knowledge: Strong understanding of ISO 27001, NIST, or COBIT. Tech Literacy: You don't need to code, but you must understand Cloud fundamentals (AWS), SaaS models, and modern infrastructure to audit them effectively. Risk Mindset: Ability to distinguish between theoretical risk and actual business risk. Communication: Ability to explain "Why we need this control" to engineers without slowing them down. Languages English: Fluent professional (Mandatory). French: Asset. Mindset Pragmatic: You value effective controls over bureaucratic paperwork. Resilient: You are comfortable dealing with ambiguity and evolving regulations. Curious: You have a genuine interest in crypto-assets, blockchain, and the future of payments. In-office expectations Office-assigned Stripes in most of our locations are currently expected to spend at least 50% of the time in a given month in their local office or with users. This expectation may vary depending on role, team and location. For example, Stripes in Stripe Delivery Center roles in Mexico City, Mexico and Bengaluru, India work 100% from the office. Also, some teams have greater in-office attendance requirements, to appropriately support our users and workflows, which the hiring manager will discuss. This approach helps strike a balance between bringing people together for in-person collaboration and learning from each other, while supporting flexibility when possible. Pay and benefits The annual salary range for this role in the primary location is €96,000 - €144,000. This range may change if you are hired in another location. For sales roles, the range provided is the role’s On Target Earnings (“OTE”) range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role. This salary range may be inclusive of several career levels at Stripe and will be narrowed during the interview process based on a number of factors, including the candidate’s experience, qualifications, and specific location. Applicants interested in this role and who are not located in the primary location may request the annual salary range for their location during the interview process. Specific benefits and details about what compensation is included in the salary range listed above will vary depending on the applicant’s location and can be discussed in more detail during the interview process. Benefits/additional compensation for this role may include: equity, company bonus or sales commissions/bonuses; retirement plans; health benefits; and wellness stipends. Office locations Luxembourg Team Administrative Job type Full time Apply for this role We look forward to hearing from you At Stripe, we're looking for people with passion, grit, and integrity. You're encouraged to apply even if your experience doesn't precisely match the job description. Your skills and passion will stand out—and set you apart—especially if your career has taken some extraordinary twists and turns. At Stripe, we welcome diverse perspectives and people who think rigorously and aren't afraid to challenge assumptions. Join us. Apply Now Stripe logo United States (English) Australia English Austria Deutsch English Belgium Nederlands Français Deutsch English Brazil Português English Bulgaria English Canada English Français Croatia English Italiano Cyprus English Czech Republic English Denmark English Estonia English Finland English Svenska France Français English Germany Deutsch English Gibraltar English Greece English Hong Kong English 简体中文 Hungary English India English Ireland English Italy Italiano English Japan 日本語 English Latvia English Liechtenstein Deutsch English Lithuania English Luxembourg Français Deutsch English Malaysia English 简体中文 Malta English Mexico Español English Netherlands Nederlands English New Zealand English Norway English Poland English Portugal Português English Romania English Singapore English 简体中文 Slovakia English Slovenia English Italiano Spain Español English Sweden Svenska English Switzerland Deutsch Français Italiano English Thailand ไทย English United Arab Emirates English United Kingdom English United States English Español 简体中文 Products & pricing Pricing Atlas Authorization Boost Billing Capital Checkout Crypto Climate Connect Data Pipeline Elements Financial Accounts Financial Connections Identity Invoicing Issuing Link Managed Payments Payments Payment Links Payouts Radar Revenue Recognition Stripe Sigma Tax Terminal Solutions Enterprises Startups Agentic commerce Crypto Ecommerce Embedded finance Finance automation Global businesses In-app payments Marketplaces Platforms SaaS AI companies Creator economy Hospitality, travel, and leisure Insurance Media and entertainment Nonprofits Retail Integrations & custom solutions Stripe App Marketplace Stripe Partner ecosystem Professional services Developers Documentation API reference API status API changelog Libraries and SDKs Developer blog Resources Guides Customer stories Blog Sessions annual conference Privacy & terms Prohibited & restricted businesses Licenses Sitemap Cookie settings Your privacy choices Coverage transparency More resources Company Jobs Newsroom Stripe Press Contact sales Support Get support Managed support plans CA residents: +1 888 926 2289 Sign in © 2026 Stripe, LLC