
Stripe · Luxembourg
WHO WE ARE ABOUT STRIPE Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world's largest enterprises to the most ...
Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world's largest enterprises to the
most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission
is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented
opportunity to put the global economy within everyone's reach while doing the most important work of your career.
Bridge Building S.A. (BBSA) is the Luxembourg regulated entity of Bridge, a Stripe company. We operate as an EMI and future CASP
in one of Europe's most demanding regulatory environments (CSSF, DORA, MiCA).
BBSA is building a local regulated platform powered by a global-first technology model.
In this context, we're looking for an IT GRC Analyst to act as the bridge between strict European regulations and high-velocity
global engineering.
This role is the control and risk right hand of the Bridge Global CISO. While our global teams build the tech, you ensure it is
compliant, resilient, and audit-ready. You'll translate requirements like DORA and MiCA into tangible IT controls, oversee
third-party risks, and maintain the integrity of our governance framework.
This is not a tick-the-box compliance role. It is an operational position for a professional who understands technology well
enough to govern it effectively. You'll have high visibility, owning the frameworks that allow us to scale securely.
IT governance and risk management • Maintain and evolve the IT Risk Register, ensuring risks are identified, assessed, and treated
in line with the company's risk appetite. • Drive the local implementation of the DORA (Digital Operational Resilience Act)
framework, including ICT risk management and incident classification. • Bridge the gap between technical reality and policy by
drafting, reviewing, and updating IT policies and procedures. • Perform periodic control testing to ensure global engineering
practices align with local regulatory requirements. • Act as the primary support to the local Head of IT.
Third-party risk management (TPRM) • Support ICT due diligence and risk assessments of critical vendors and service providers,
while assisting with Developer and Customer Oversight. • Monitor service level agreements and performance metrics of critical
vendors, challenging performance where necessary. • Act as the primary support to the outsourcing manager regarding technical
vendor oversight.
Access governance and control (IAG) • Oversee the identity and access governance strategy, including adherence to Segregation of
Duties, principle of least privilege, and others. • Conduct periodic user access reviews for critical systems.
Regulatory compliance and audit readiness • Act as the primary liaison for internal audit regarding IT topics. • Prepare technical
inputs and evidence for CSSF notifications and regulatory reporting. • Monitor compliance with GDPR and data privacy controls
(e.g., DLP oversight, data residency). • Coordinate business continuity (BCP) and disaster recovery (DR) testing documentation and
reporting.
Incident governance • Oversee the IT incident management process to ensure proper classification, reporting, and root cause
analysis (RCA). • Ensure major incidents are reported to regulators within mandated timeframes, in collaboration with Compliance.
Company description: "Founded in 1927, the Volvo Group is committed to driving prosperity and shaping the future landscape through sustainable transport, mobility, and infrastructure solutions. By offering trucks, buses, construction equipment, power solutions for marine and industrial applications, financing and services that increase our customers’ uptime and productivity. Our headquarters are in Gothenburg, Sweden. Volvo Group shares are listed on Nasdaq Stockholm." Job description: At Volvo Group, cybersecurity is an essential part of shaping sustainable, safe, and resilient transport and infrastructure solutions for the future. As our digital landscape grows more connected, complex, and business-critical, we are strengthening our capability to understand, evaluate, and manage cyber risk across technologies, processes, and organizations. We are now looking for a Cyber Risk Management Specialist to help us turn cybersecurity insight into clear, actionable risk understanding. This is a role for someone who enjoys working at the intersection of cyber threats, business impact, governance, controls, and stakeholder collaboration. In this role, you will support and drive cyber risk management activities across Volvo Group. You will work closely with cybersecurity specialists, IT teams, business stakeholders, governance functions, and leadership to identify, assess, communicate, and follow up cyber risks in a structured and business-relevant way. Your responsibilities will include: Facilitate and perform cyber risk assessments across technologies, services, and organizational contexts. Turn technical and business inputs into clear, business-relevant risk statements. Support qualitative and quantitative risk analysis, including likelihood, impact, exposure, and control effectiveness. Evaluate security controls from technical safeguards to governance processes. Assess control maturity and recommend practical improvement actions. Support methods, templates, and tools, and facilitate workshops with technical and non-technical stakeholders. Who are you? You are a structured, analytical, and collaborative cybersecurity professional with a strong interest in cyber risk. You enjoy connecting information across different domains, seeing patterns, and helping others understand what those patterns mean from a risk perspective.You are comfortable working with complex topics, but you do not hide behind complexity. You can explain deep technical or specialized matters in clear, jargon-free language, and you know how to adapt your communication depending on whether you are speaking with engineers, managers, auditors, or senior leaders.You are self-driven, curious, diplomatic, and action-oriented. You like creating clarity, building trust, and enabling progress in cross-functional environments. We believe you bring Solid understanding of cybersecurity fundamentals and how domains connect (threats, vulnerabilities, controls). Experience supporting or performing cyber risk assessments and turning findings into clear, business-relevant risk statements. Working knowledge of risk management concepts and common security standards or frameworks (GRC, information security). Strong communication and facilitation skills in English, with the ability to work effectively with both technical and non-technical stakeholders. Structured and proactive way of working: able to plan, document, and drive work forward in cross-functional settings. Ability to assess control effectiveness and maturity, and translate findings into practical improvement actions. Nice to have: Experience with quantitative risk methods (or strong interest in developing in this area). Experience with GRC or risk management tools and platforms. Certifications such as CISSP, CISM, CRISC, ISO/IEC 27001, FAIR, or similar. Background in security advisory, compliance, internal control, assurance, or audit. Ready for the next move? Apply now and help us strengthen cyber resilience across Volvo Group. Last application date is July 30th. We will start reviewing the applications in August after the summer holidays. Swedish Union representatives: Akademikerna – Mikael Johansson, +46 73 902 34 30 Unionen – Lajla Dahlsjö, +46 31 322 45 75 Ledarna – Carina Sachade, +46 73 902 40 83 We value your data privacy and therefore do not accept applications via mail. Who we are and what we believe in We are committed to shaping the future landscape of efficient, safe, and sustainable transport solutions. Fulfilling our mission creates countless career opportunities for talents across the group’s leading brands and entities. Applying to this job offers you the opportunity to join Volvo Group. Every day, you will be working with some of the sharpest and most creative brains in our field to be able to leave our society in better shape for the next generation. We are passionate about what we do, and we thrive on teamwork. We are almost 100,000 people united around the world by a culture of care, inclusiveness, and empowerment. Volvo Group Digital Technology & Operations (DTO) is a new division established to integrate the capabilities of VG Digital & IT and VG Connected Solutions to accelerate the digital transformation in Volvo Group. The organizational set up is structured around domains, digital products with functions for digital excellence to deliver outstanding customer experience.
ABOUT US Legora is redefining how legal work gets done. Not built for lawyers, built with them. We work alongside the world’s best legal teams, who expect excellence, precision, and speed, and we hold ourselves to the same bar. Our AI-native workspace lets legal professionals move faster, think more clearly, and operate with sharper precision. By analysing thousands of documents in minutes and powering end-to-end workflows, we cut through complexity, teams can focus on what matters: judgment, strategy, and outcomes. 1,000+ customers across 50+ countries trust us, including Cleary Gottlieb, Goodwin, Linklaters, White & Case, Dentons, and Barclays. We’ve scaled to $100M+ in ARR, with teams across Europe, North America and APAC, and continue to expand through acquisitions including Qura, Walter AI and Graceview. We partner with world-class performers: including Aaron Judge and the New York Yankees, Ludvig Åberg (and his caddie), and campaigns featuring Jude Law. Joining Legora means three things. * We lean in: ownership over titles, outcomes over intentions. * We fight for excellence: high standards, direct, ego-free feedback. * We grow together: as a team and with our customers. Mission before ego. Everyone contributes. No one coasts. If you’re driven by impact, pace, and raising the bar. This is the place. The Role Customer Trust is how Legora earns and keeps the confidence of the world's most demanding legal teams in how we handle their data — and how our AI handles it. We are the front line for customer security, privacy, and compliance scrutiny: the team that answers the hard questions buyers, CISOs, and procurement teams ask. We own the security questionnaires (including their AI sections), the trust portal, the audit and evidence requests, and the customer-facing side of our SOC 2, ISO 27001, and AI-governance posture. We partner closely with Information Security, Privacy and Legal counsel, and Go-to-Market to turn scrutiny into signed, renewed, and expanded relationships. Our work makes Legora easy to trust and easy to buy. What You'll Be Doing * Own customer trust requests end-to-end: security questionnaires (SIG, CAIQ, and bespoke), DDQs, and the security and AI sections of RFPs — delivering high-quality responses against agreed SLAs in time-sensitive sales and renewal cycles. * Answer the AI-trust questions buyers now ask: questions on training-data handling and retention, model-provider subprocessors, data residency, and our EU AI Act, ISO/IEC 42001, and NIST AI RMF posture — coordinating with Privacy and Legal counsel on anything touching privilege or client confidentiality. * Communicate with expertise: translate Legora's security, privacy, and AI-governance posture into clear, confident answers for customer CISOs, GCs, and procurement teams. * Master the product and controls: develop deep expertise in Legora's platform, its security and compliance controls, and its AI supply chain, so you can resolve complex trust questions with sound judgment. * Run the trust portal and evidence repository: keep the portal, SOC 2 / ISO reports, penetration-test summaries, DPAs, subprocessor and model-provider lists, and AI-governance documentation current, accurate, and self-serve. * Review security and contractual terms: support DPAs, security addenda, and non-standard customer security and AI terms, partnering with Legal to land them without slowing the deal. * Build the response library and automate: maintain reusable, approved responses and drive questionnaire automation, including AI-assisted drafting, to raise quality and cut turnaround. * Drive improvements and monitor proactively: spot recurring questions, objections, and emerging requirements, and partner with Information Security, Product, and Legal to close gaps and reduce repeat work. * Support customer audits and security reviews: coordinate customer-facing security calls, audit responses, and follow-ups with precision and care. * Shape the function: as an early team member, build the processes, workflows, and standards for Customer Trust that scale globally. Who You Are * 3–5 years in customer trust, security GRC, security assurance, third-party risk, or a closely related customer-facing security or compliance role. * You've owned complex, high-stakes B2B relationships with demanding security, procurement, and legal stakeholders — taking full ownership of issues, delivering exceptional outcomes, and turning scrutiny into trust. * You can translate technical security and AI-governance controls into clear, customer-ready answers, with the judgment to know what to answer, what to caveat, and what to escalate. * You notice patterns, anticipate objections before they escalate, and collaborate cross-functionally to drive lasting improvements. * You are customer-obsessed, organized, and detail-oriented under deadline pressure. * You are technically curious and comfortable learning new software, security concepts, and AI and compliance frameworks quickly. * Someone who enjoys being in the office 5 days a week. A key component of Legora’s success has been in-person collaboration and we want you to be part of that. Nice To Have * Familiarity with SOC 2, ISO 27001, GDPR, and NIST, plus DPAs and subprocessor management. * Exposure to AI governance and assurance: EU AI Act, ISO/IEC 42001, NIST AI RMF, model-training and data-retention questions, and AI-subprocessor disclosure. * Certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Implementer / Lead Auditor. * Experience with trust and GRC tooling such as Vanta, Drata, SafeBase, OneTrust, Conveyor, or Loopio. * A working understanding of cloud security and data-handling fundamentals — access, encryption, and data residency. * Background in SaaS, AI, or legal tech environments. WHAT'S IN IT FOR YOU * Global collaboration: Partner with teams and clients across Stockholm, New York, London, and Sydney. * Competitive package: Comprehensive salary, benefits, and tools for success. * Meaningful work: Your efforts shape how thousands of lawyers use AI daily. * In-person environment: Union Square office designed for ambitious builders and company provided lunch daily. * Benefits & Perks: We invest in our people with a comprehensive, thoughtfully designed benefits package: Medical, Dental & Vision * Multiple medical plan options via Aetna and Kaiser Permanente * HSA or Healthcare FSA (based on plan selection) * Dental plans via MetLife * Vision plans via Vision Care Family Support * Generous parental leave * Free access to Maven Clinic * Dependent Care FSA * Free One Medical membership for employees and dependents Additional Perks * Pre-tax commuter benefits * Life Insurance + STD/LTD * 401(K) with generous company match * Unlimited PTO * Robust voluntary benefits, including identity protection (via Aura), legal coverage via MetLife, pet savings programs, and more Legora is an Equal Opportunity Employer At Legora, we believe great teams are built on diversity of thought and experience. We’re proud to be an equal opportunity employer and committed to creating an inclusive, high-performance culture where everyone can do their best work. We welcome people of all backgrounds and don’t discriminate based on race, color, religion, national origin, gender, gender identity or expression, sexual orientation, age, disability, veteran status, or any other characteristic protected by law.
ABOUT US Legora is redefining how legal work gets done. Not built for lawyers, built with them. We work alongside the world’s best legal teams, who expect excellence, precision, and speed, and we hold ourselves to the same bar. Our AI-native workspace lets legal professionals move faster, think more clearly, and operate with sharper precision. By analysing thousands of documents in minutes and powering end-to-end workflows, we cut through complexity, teams can focus on what matters: judgment, strategy, and outcomes. 1,000+ customers across 50+ countries trust us, including Cleary Gottlieb, Goodwin, Linklaters, White & Case, Dentons, and Barclays. We’ve scaled to $100M+ in ARR, with teams across Europe, North America and APAC, and continue to expand through acquisitions including Qura, Walter AI and Graceview. We partner with world-class performers: including Aaron Judge and the New York Yankees, Ludvig Åberg (and his caddie), and campaigns featuring Jude Law. Joining Legora means three things. * We lean in: ownership over titles, outcomes over intentions. * We fight for excellence: high standards, direct, ego-free feedback. * We grow together: as a team and with our customers. Mission before ego. Everyone contributes. No one coasts. If you’re driven by impact, pace, and raising the bar. This is the place. The Role Customer Trust is how Legora earns and keeps the confidence of the world's most demanding legal teams in how we handle their data — and how our AI handles it. We are the front line for customer security, privacy, and compliance scrutiny: the team that answers the hard questions buyers, CISOs, and procurement teams ask. We own the security questionnaires (including their AI sections), the trust portal, the audit and evidence requests, and the customer-facing side of our SOC 2, ISO 27001, and AI-governance posture. We partner closely with Information Security, Privacy and Legal counsel, and Go-to-Market to turn scrutiny into signed, renewed, and expanded relationships. Our work makes Legora easy to trust and easy to buy. What You'll Be Doing * Own customer trust requests end-to-end: security questionnaires (SIG, CAIQ, and bespoke), DDQs, and the security and AI sections of RFPs — delivering high-quality responses against agreed SLAs in time-sensitive sales and renewal cycles. * Answer the AI-trust questions buyers now ask: questions on training-data handling and retention, model-provider subprocessors, data residency, and our EU AI Act, ISO/IEC 42001, and NIST AI RMF posture — coordinating with Privacy and Legal counsel on anything touching privilege or client confidentiality. * Communicate with expertise: translate Legora's security, privacy, and AI-governance posture into clear, confident answers for customer CISOs, GCs, and procurement teams. * Master the product and controls: develop deep expertise in Legora's platform, its security and compliance controls, and its AI supply chain, so you can resolve complex trust questions with sound judgment. * Run the trust portal and evidence repository: keep the portal, SOC 2 / ISO reports, penetration-test summaries, DPAs, subprocessor and model-provider lists, and AI-governance documentation current, accurate, and self-serve. * Review security and contractual terms: support DPAs, security addenda, and non-standard customer security and AI terms, partnering with Legal to land them without slowing the deal. * Build the response library and automate: maintain reusable, approved responses and drive questionnaire automation, including AI-assisted drafting, to raise quality and cut turnaround. * Drive improvements and monitor proactively: spot recurring questions, objections, and emerging requirements, and partner with Information Security, Product, and Legal to close gaps and reduce repeat work. * Support customer audits and security reviews: coordinate customer-facing security calls, audit responses, and follow-ups with precision and care. * Shape the function: as an early team member, build the processes, workflows, and standards for Customer Trust that scale globally. Who You Are * 3–5 years in customer trust, security GRC, security assurance, third-party risk, or a closely related customer-facing security or compliance role. * You've owned complex, high-stakes B2B relationships with demanding security, procurement, and legal stakeholders — taking full ownership of issues, delivering exceptional outcomes, and turning scrutiny into trust. * You can translate technical security and AI-governance controls into clear, customer-ready answers, with the judgment to know what to answer, what to caveat, and what to escalate. * You notice patterns, anticipate objections before they escalate, and collaborate cross-functionally to drive lasting improvements. * You are customer-obsessed, organized, and detail-oriented under deadline pressure. * You are technically curious and comfortable learning new software, security concepts, and AI and compliance frameworks quickly. * Someone who enjoys being in the office 5 days a week. A key component of Legora’s success has been in-person collaboration and we want you to be part of that. Nice To Have * Familiarity with SOC 2, ISO 27001, GDPR, and NIST, plus DPAs and subprocessor management. * Exposure to AI governance and assurance: EU AI Act, ISO/IEC 42001, NIST AI RMF, model-training and data-retention questions, and AI-subprocessor disclosure. * Certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Implementer / Lead Auditor. * Experience with trust and GRC tooling such as Vanta, Drata, SafeBase, OneTrust, Conveyor, or Loopio. * A working understanding of cloud security and data-handling fundamentals — access, encryption, and data residency. * Background in SaaS, AI, or legal tech environments. *Please note that due to summer holidays, our response times may be a little longer than usual. We'll be reviewing applications from late July/early August. Thank you for your patience! Legora is an Equal Opportunity Employer At Legora, we believe great teams are built on diversity of thought and experience. We’re proud to be an equal opportunity employer and committed to creating an inclusive, high-performance culture where everyone can do their best work. We welcome people of all backgrounds and don’t discriminate based on race, color, religion, national origin, gender, gender identity or expression, sexual orientation, age, disability, veteran status, or any other characteristic protected by law.