Governance, Risk & Compliance Officer

Posted on: June 24, 2025

Job description

About the Role

As the Governance, Risk & Compliance (GRC) Officer at ROLLER, you’ll play a key role in helping us scale securely and confidently as we grow into new markets. You’ll be part of our Security team, reporting to the Lead Security Engineer, and work across the business to keep our governance, risk, and compliance programs running smoothly and improving as we go.

Your focus will be on maintaining and strengthening our compliance posture across frameworks like SOC 2, PCI DSS, and GDPR. Using tools like Vanta, you’ll manage evidence collection, track risk, and ensure our policies and controls are always up to date. You’ll be the person who spots gaps before they become issues, supports seamless audits, and helps teams across ROLLER understand what great compliance looks like. It’s a hands-on, high-impact role — perfect for someone who loves structure, cares about doing things the right way, and wants to grow their career while helping ROLLER raise the bar.

Responsibilities

What You'll Do

  • Support ROLLER’s growth by helping us meet global compliance standards like SOC 2, PCI DSS, and GDPR, using Vanta to monitor our status and guide improvement.
  • Own the collection and organisation of compliance evidence — ensuring all documentation is complete, current, and ready for audits at any time.
  • Collaborate with cross-functional teams across Security, IT, Product, and Operations to gather inputs, track actions, and drive accountability on compliance tasks.
  • Maintain and update our risk register, helping identify, document, and track risks — and ensuring mitigation efforts stay on course.
  • Review and enhance internal policies, procedures, and controls to reflect evolving regulations, business needs, and operational feedback.
  • Coordinate compliance audits end-to-end — from preparation and evidence gathering to responding to auditor requests and managing follow-up actions.
  • Monitor compliance progress across the business and proactively flag gaps, recommending practical solutions to close them quickly.
  • Help implement scalable security and privacy controls that teams can easily understand, adopt, and maintain.
  • Contribute to internal training and awareness initiatives that build a strong, company-wide culture of compliance and accountability.

Job requirements

About You

  • You’ve got 2–5 years of experience in GRC, cybersecurity, or IT risk, ideally within a SaaS or tech environment.
  • You know your way around compliance frameworks like SOC 2, PCI DSS, GDPR/CCPA, and ISO 27001, and you’ve helped implement or manage controls before.
  • You’re a confident communicator — you write clearly, speak plainly, and know how to bring people along with you.
  • You’re organised and dependable. Tasks get tracked, deadlines get hit, and your documentation is always crisp.
  • You have a degree (or equivalent experience) in Information Security, Risk Management, Computer Science, or something related.
  • Certifications like CISSP, CISM, CRISC, or ISO 27001 Auditor/Implementer are a bonus, but not a must.
  • You pay attention to the details — spotting small issues before they become big ones.
  • You love a good process and look for ways to improve it.
  • You work well with others and build trust easily — even when you don’t have formal authority.
  • You approach problems methodically and solve them with common sense.
  • You’re adaptable and calm under pressure — new priorities don’t throw you off.
  • You’re always learning and keep your skills sharp to help raise the bar for everyone around you.