IT GRC Auditor

Hi We're Mercuryo, and we're on a mission to redefine finance by blending the best of traditional banking with the innovations of decentralized finance (DeFi). We believe that everyone should have easy access to Web3 and traditional financial services — and we're making that happen by building a robust platform that simplifies dealing with crypto and seamlessly integrates it into the broader financial ecosystem.

Since we launched in 2018, we've teamed up with Web3 top projects such as MetaMask, Trust Wallet, Ledger, Jupiter, 1inch, and PancakeSwap and 200+ others to power over 200 dynamic products. Our work also brings us into direct collaboration with major ecosystems such as Solana Labs, Consensys, and BNB Chain. We're just getting started, and we want you to help us shape the future of money

Why Mercuryo?

Industry Impact

Join us in helping world-class Web3 projects onboard millions of new users into the next generation of finance.

Innovative Environment

Collaborate with more than 300 talented professionals from diverse backgrounds — including banking, SaaS, and Web3 — all united in delivering outstanding user experiences.

Growth and Learning

Our expanding network of 200+ B2B partnerships and a user base of over 7 million means there's always room to grow your skills, tackle new challenges, and push boundaries.

Flexible Culture

We're remote-first, celebrating diversity across 30 countries. At Mercuryo, you'll be empowered to take ownership of your work, spark creativity, and shape how we move forward together.

About The Role
We are looking for a proactive and detail-oriented IT GRC Auditor to join our team. In this role, you will be responsible for evaluating the effectiveness of IT governance, risk management, and compliance processes across the organization. You will conduct audits of information systems, assess security and regulatory risks, and ensure that internal controls align with international standards such as ISO 27001, SOC 2, PCI DSS, and MiCA/DORA. This position plays a key role in strengthening our security posture and supporting the company's strategic and regulatory objectives.

Your Role

• Conducting audits of the Company's information systems in terms of information security / IT GRC.
• Participation in the analysis and identification of information security risks and operational efficiency of the Company's information systems.
• Assessment of the effectiveness of compliance with internal and external (regulatory) requirements for information security and the application of protective measures that reduce information security risks.
• Participation in organizing and assisting in conducting external audits for compliance with information security standards (PCI DSS, SOC 2 Type2, ISO 27001, MiCA / DORA, other information security standards, compliance with which will be necessary for the implementation of the Company's business strategy).
• Preparation of analytical reports on the results of internal audits and on the activities of external auditors.
• Effective communication and exchange of experience with colleagues from information security, related departments (IT, Product Owners, Project Managers, Compliance, HR, Legal departments), external auditors.

What We're Looking For

• Experience in auditing in the field of information technology / information security and / or experience in system administration / ensuring information security in large organizations.
• Understanding of the business processes of financial organizations and their implementation using information technology and / or understanding of the basics of secure development of IT products.
• Knowledge of the main approaches to ensuring information security and implementing security measures, as well as the basic principles of information technology.
• Understanding the impact of security measures on mitigating information security risks and/or the possibility of cyber attacks.
• Knowledge of and experience in implementing the requirements of one or more information security standards in the Company: PCI DSS, SOC 2 Type2, ISO 27001, MiCA/DORA are desirable, but experience in implementing the requirements of other information security standards is also taken into account.
• Ability to read, understand and use high-level design diagrams (HLD), sequence diagrams and/or customer journey diagrams (CJM).
• Ability to clearly and accessibly express thoughts orally and in writing, ability to structure and formulate conclusions and recommendations based on the analysis.

What We Offer

• Competitive market rate salary and performance-based incentives.
• 22 days annual leave with an additional 6 company days, plus bank holidays.
• Comprehensive health insurance plans.
• Extensive benefits program.
• Flexible work schedule and remote work options.
• Modern offices and co-working spaces across 6 countries.
• Working equipment.
• Professional development and training opportunities.
• Opportunity to shape the initiatives you're working on.
• Diverse and friendly team.
• We are open-minded to new ideas.

Join Us

If you're driven to be a part of the web3 forefront and are keen to leave your mark on this rapidly evolving field, Mercuryo is an excellent choice. Discover our open positions and see how you can contribute to shaping the future.

Mercuryo is an equal opportunity employer and prohibits discrimination and harassment of any kind. We are committed to providing employees with a work environment that is progressive and open-minded. Our employment philosophy is to hire the best people and empower them to do the best work of their lives. Employment decisions are based on business needs and individual merit, without regard to race, colour, religion, ethnicity, sexual orientation, nationality, marital status, gender, age, disability, veteran status, or any other characteristic protected by law. Mercuryo is also committed to providing reasonable accommodations during the application process for qualified individuals with disabilities. If you require assistance to complete your application, please contact our Talent Team.