Still looking for a job through search engines? Time to upgrade!
Instead of going through thousands of listings on your own, Jobify analyzes your résumé and shows you only the jobs that truly fit you.
Over 80,000 jobs • 4,000 new every day
Free. No ads. No fine print.
About
Candex is a rapidly growing private global B2B fintech company on a mission to reshape the way businesses transact. Our tech-based solution makes purchasing fast and easy for enterprise buyers. Recognized in the ProcureTech 100 for Procurement Innovation, our SaaS Platform and accompanying services completely transform the buying experience for large companies around the globe. Buyers enjoy the simplicity of Candex for their purchases, vendors get paid faster, and procurement teams love the increased control they gain over purchases — Everyone wins!
We serve companies in the Global 2,000 and our existing clients include some of the world’s biggest corporations. We’ve raised over $115M from leading investors including Goldman Sachs, 9Yards Capital, JP Morgan, American Express, Altos, Craft, and NFX. Available in almost 50 countries, Candex is expanding our already robust footprint and is looking for ambitious, fun people to join us on our mission to revolutionize the way businesses engage and pay their suppliers.
Position Overview
We are rapidly growing, and we seek a GRC Analyst to join our InfoSec team.
In this position you will report to the CISO and will be located in our Israeli office.
Trust is the cornerstone of our fintech SaaS environment, and we are looking for a GRC Analyst to uphold this principle. This role will serve as the primary liaison for both internal risk management initiatives and external inquiries, and will ensure our internal controls adhere to international standards and frameworks.
Responsibilities
- Policy & Framework Management: Assist in developing and maintaining information security policies and procedures in alignment with international standards such as ISO 27001, NIST, CIS, GDPR, CSA and SOC 2.
- Risk & Control Lifecycle: Manage regular risk assessments to identify vulnerabilities and participate in the design, implementation, and testing of security controls to ensure organizational resilience.
- Audit & Compliance Monitoring: Coordinate internal and external security audits, managing the collection of evidence and tracking remediation efforts across various business units.
- GRC Platform Ownership: Serve as the technical owner of the company’s GRC platform.
- RFI Lifecycle Management: Act as the primary point of contact for managing the end-to-end process for client security questionnaires and due diligence requests from triage to final submission.
- Knowledge Base Architecture: Build and maintain a centralized, AI-assisted repository of approved technical responses covering Security, Privacy, Product Tech (e.g., OAuth, integrations), Legal, ESG, and Finance.
- SME Collaboration & Triage: Facilitate cross-functional communication by triaging inquiries and escalating complex technical or legal questions to the appropriate Subject Matter Experts in R&D, Product, Legal, and Compliance.
- Technical Trust Documentation: Create and update client-facing collateral, including security white papers, trust center content, and compliance summaries to proactively address stakeholder inquiries.
- Process Optimization & Metrics: Evaluate and implement new SaaS tools to automate the RFI workflow while tracking performance metrics like volume and response times to drive operational efficiency.
- Stakeholder Enablement: Develop and deliver training materials, wikis, and "How-to" guides to educate GTM and technical teams on the standardized RFI process and SME engagement model.
- Team player
- 2+ years of experience in a similar role
- Native or high English proficiency with excellent written and verbal communication skills
- Ability to juggle priorities, meet deadlines, and work with grace under pressure
- Technical understanding of IT infrastructure, networking and systems
- Knowledge of relevant regulations, such as GDPR, CCPA and similar privacy frameworks, as well as information security industry standards, such as ISO 27001 and SOC 2 Type II
- Experience in identifying and mitigating risks
- IT/security certifications such as A+, Security+, ISC2 CC
- Native English speaker
- Experience in auditing / consulting
- Experience in Compliance
- Experience in risk management frameworks such as ISO 31000
- Experience utilizing GRC platforms or security questionnaire automation tools.
- Experience with cloud security principles and relevant compliance standards (e.g., CSA STAR, AWS Well-Architected Framework).
- We are humble, hungry, intelligent and collaborative. Work alongside teammates who value curiosity, kindness, and shared success.
- Competitive Compensation – Earn a salary and benefits that reflect your skills and impact.
- Global Team + Mindset – Join a diverse, international team that thinks beyond borders.
- Home Office Setup – Get the gear and support you need to work comfortably from anywhere.
- Professional Development – Grow your skills with training and learning sessions.
- Internal Mobility – Explore new global roles and career paths without leaving the company.
- Team Outings – Connect and celebrate with colleagues through regular social events.
- Be a Stickler for Details - we think about the details when making decisions and ensure we haven’t overlooked anything.
- Debate, Decide, Deliver - Candexers foster a culture of open debate so we can make the right decision.
- Innovate to Simplify - we continuously look for simpler ways to do everything.
- Follow Through, Follow Up - we are always moving the ball forward – when we say we will do something, we do it.
- Attract & Develop the Best - we expect each hire to raise the bar, and once they start, they should continue to develop their skills with the support of leadership.
- Keep an Obsessive Customer Focus - our customers’ satisfaction is our obsession, and we will stop at nothing to make their experience simple & flawless.
- Learn & Be Curious - we foster an environment of continual learning and encourage challenging questions and believe curiosity drives innovation and improvement.
- Act with Integrity & Professionalism - we act with honesty, transparency, and ethical principles – ensuring our actions align with our values.
14,000-20,000 ₪