CUBE are a global RegTech business defining and implementing the gold standard of regulatory intelligence for the financial services industry. We deliver our services through intuitive SaaS solutions, powered by AI, to simplify the complex and everchanging world of compliance for our clients.
Why us?
CUBE is a globally recognized brand at the forefront of Regulatory Technology. Our industry-leading SaaS solutions are trusted by the world’s top financial institutions globally.
In 2024, we achieved over 50% growth, both organically and through two strategic acquisitions. We’re a fast-paced, high-performing team that thrives on pushing boundaries—continuously evolving our products, services, and operations. At CUBE, we don’t just keep up we stay ahead.
We believe our future is built by bold, ambitious individuals who are driven to make a real difference. Our “make it happen” culture empowers you to take ownership of your career and accelerate your personal and professional development from day one.
With over 700 CUBERs across 19 countries spanning EMEA, the Americas, and APAC, we operate as one team with a shared mission to transform regulatory compliance. Diversity, collaboration, and purpose are the heartbeat of our success.
We were among the first to harness the power of AI in regulatory intelligence, and we continue to lead with our cutting-edge technology. At CUBE, You will work alongside some of the brightest minds in AI research and engineering in developing impactful solutions that are reshaping the world of regulatory compliance.
Purpose
Provide senior analyst support across technology governance, risk, and compliance by keeping GRC data, workflows, actions, and reporting current and reliable. This role helps the organisation maintain audit readiness, strengthen accountability for risk actions, and provide clear visibility of compliance status, control health, and remediation progress.
Key Responsibilities
- Maintain GRC portals, including risk registers, control records, evidence libraries, issue logs, policy links, assessment workflows, dashboards, and reporting views.
- Ensure GRC portal data is complete, accurate, consistently classified, and aligned to agreed standards for risk, control, issue, and evidence management.
- Coordinate portal updates, access reviews, workflow changes, template improvements, and reporting enhancements with technology, security, and business stakeholders.
- Perform regular data quality checks across GRC records and follow up with owners to correct missing, outdated, or inconsistent information.
- Own and manage the risk action calendar, covering risk assessments, control reviews, evidence refresh cycles, policy reviews, audit milestones, remediation deadlines, governance forums, and leadership reporting.
- Track action owners, due dates, dependencies, and completion status for risk and compliance activity.
- Proactively follow up on upcoming, overdue, or blocked actions, escalating material risks, delays, and dependencies through the appropriate governance channels.
- Use the calendar to support forward planning, workload visibility, and timely completion of recurring GRC obligations.
- Support technology risk assessments, control reviews, compliance checks, and issue management activity across security, technology, and business teams.
- Maintain and update risk registers, control mappings, compliance evidence, remediation plans, and exception records.
- Support the interpretation of policy, regulatory, contractual, and audit requirements into practical actions for control and risk owners.
- Monitor remediation progress and help ensure risk treatment plans are realistic, tracked, evidenced, and closed appropriately.
- Prepare risk and compliance status reports, dashboards, metrics, and packs for governance forums and leadership review.
- Coordinate evidence collection for internal audits, external audits, customer assurance requests, and compliance reviews.
- Validate that evidence is current, complete, clearly labelled, and mapped to the relevant controls or obligations.
- Support audit walkthroughs, control owner preparation, finding tracking, and post-audit remediation follow-up.
- Maintain reusable evidence and control documentation to reduce repeated requests and improve audit readiness.
- Partner with security, technology, legal, procurement, internal audit, and business teams to drive clear ownership of GRC actions.
- Provide guidance to control and risk owners on GRC processes, portal usage, evidence expectations, and action tracking.
- Identify opportunities to improve GRC workflows, portal usability, reporting, data quality, and stakeholder accountability.
- Contribute to the maintenance of GRC procedures, guidance materials, and operating rhythms.
- Provide support with the compliance inbox.
Skills & Competencies
- Strong experience in governance, risk, and compliance operations within a technology, cybersecurity, audit, or regulated environment.
- Practical experience maintaining GRC tools or portals, including risks, controls, issues, evidence, workflows, dashboards, and reporting.
- Strong planning and coordination skills, with the ability to manage calendars, action trackers, recurring obligations, and cross-functional follow-ups.
- Good working knowledge of technology risk management, control frameworks, audit evidence, compliance reporting, and remediation tracking.
- Ability to interpret risk and compliance requirements and translate them into clear actions for stakeholders.
- Strong attention to detail and commitment to accurate, well-governed records.
- Confident communication skills, including the ability to follow up, challenge constructively, and escalate when required.
- Comfortable working with senior stakeholders, control owners, auditors, and technical teams.
- Strong written documentation skills and the ability to produce clear status reports, dashboards, and governance packs.
- Familiarity with frameworks and obligations such as ISO 27001, NIST, SOC 2, SOX, PCI DSS, GDPR, COBIT, or DORA.
- Experience with GRC platforms such as Vanta, ServiceNow GRC, Archer, OneTrust, LogicGate, AuditBoard, Jira-based risk workflows, or equivalent tooling.
- Experience supporting third-party risk, policy management, control testing, or regulatory compliance programmes.
- Relevant certification such as CISA, CRISC, CISM, CISSP, ISO 27001, or equivalent professional experience.
Interested?
If you are passionate about leveraging technology to transform regulatory compliance and meet the qualifications outlined above, we invite you to apply. Please submit your resume detailing your relevant experience and interest in CUBE.
CUBE is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.