Sr. GRC Analyst

Established in 2004, we are a tech pioneer offering world-class adult entertainment and games on some of the internet’s safest and most popular platforms. With the support of an international team of dynamic and collaborative innovators, we are on a mission to enable safe user experiences and empower our communities by celebrating diversity, inclusion, and expression — all while maintaining robust trust-and-safety protocols. We embrace the best of both worlds Local talent can thrive in our collaborative office space with the flexibility of a hybrid work environment, while remote team members play an integral role in shaping our dynamic culture from afar. We have offices in Montreal (Quebec), Austin (Texas) and Nicosia (Cyprus). *A select number of positions require full-time in office attendance* The GRC Analyst is responsible for supporting and maturing the Aylo’s governance, risk, and compliance programs. This role will play a key part in implementing ISO 27001, driving future framework adoption, and leveraging ServiceNow to streamline risk and compliance operations. What you’ll be doing: Lead and support audits, assessments, and certification efforts with a strong focus on ISO 27001 and NIST CSF. Manage risk assessments and track remediation activities within ServiceNow IRM. Assist in developing, implementing, and maintaining governance frameworks and policies. Support the design and operation of internal controls and compliance documentation. Partner with stakeholders across the business to align policies with regulatory requirements and best practices. Conduct risk assessments and provide actionable recommendations to reduce risk exposure. Monitor the evolving risk landscape and report on emerging compliance and security threats. Drive compliance with laws, regulations, and industry standards (ISO 27001, SOC 2, NIST, PCI-DSS, GDPR, etc.). Maintain comprehensive records for audits and regulatory reviews. Champion a culture of compliance, risk awareness, and continuous improvement across Aylo. What you’ll need to be successful: Must Haves: 5+ years of experience in Governance, Risk and Compliance Hands‑on experience implementing and maintaining ISO 27001 compliance. Strong working knowledge of ServiceNow IRM modules (risk, policy, compliance, and vendor risk). Strong understanding of regulatory requirements and standards (NIST, PCI‑DSS, GDPR). Excellent analytical, communication, and interpersonal skills. High ethical standards and integrity. Nice to Haves: Relevant certifications: ISO 27001 Lead Implementer/Auditor, CRISC, or CISM. Bachelor’s degree in Information Security, Business, or related field. Experience with SharePoint, JIRA, or similar collaboration tools. Strong problem‑solving and decision‑making skills. As an equal opportunity employer, we celebrate diversity and are committed to creating an inclusive environment for all employees In this role you may be exposed to adult content This disclaimer is to notify you that personal data relating to you has been collected by Aylo (“Controller”). This includes your personal data either submitted by you, obtained from publicly available sources (e.g., LinkedIn), or provided to us by someone with your consent, referred you for potential employment. Note that, you can withdraw your consent at any time by reaching out to us. Your personal data has been collected and will be processed by Controller for the following purposes: managing our recruitment related activities; setting up and conducting interviews and tests for you; evaluating and assessing the results pertaining to interviews and tests; and for purposes otherwise needed for evaluating your candidacy for employment at our company provided however, that we may not process your data for all of the aforementioned purposes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by a Controller, which are the solicitation, evaluation, and selection of applicants for employment. Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data has been transferred to the United States subject to appropriate additional safeguards under Standard Contractual Clauses. Your personal data will be retained by Controller as long as we determine it is necessary to evaluate your application for employment and according to our data retention period specified in our privacy policy. If you would like to know more about our privacy/data retention policy, feel free to check out our privacy policy. #J-18808-Ljbffr