GRC Analyst

19 Hours ago • All levels • $135,800 PA - $188,700 PA

Job Summary

Job Description

As a GRC Analyst at Mercury, you will be crucial in building resilience and improving governance. The role involves collaborating with the engineering team to define and enhance security posture, applying GRC principles, improving the reliability and security of the business, implementing security frameworks, and automating security controls to minimize risks. You will be responsible for conducting gap analyses, creating plans to address gaps, and engaging stakeholders. This role emphasizes the importance of GRC in preventing breaches, protecting data, and ensuring business continuity. The candidate should be tech-savvy and excel in communicating governance, risk, and compliance requirements.
Must have:
  • Familiarity with security frameworks (NIST, PCI-DSS, CIS, ISO).
  • Strong problem-solving and analytical skills.
  • Understanding of accepted security practices.
  • Knowledge and understanding of cloud services.

Job Details

In 2001, a prominent corporate fraud scandal led to the Sarbanes-Oxley Act (SOX) of 2002, which introduced strict regulations on financial reporting and internal controls. While SOX was primarily focused on corporate governance, it became a foundational moment for IT controls and compliance—forcing companies to establish stronger audit trails, risk management processes, and accountability in IT systems.

2017, In one of the most infamous data breaches in history, the personal information of 147 million people was exposed due to an unpatched vulnerability. The breach wasn’t just a technical failure—it was a breakdown in governance and risk management. A known vulnerability had been disclosed, but it wasn’t properly tracked or remediated, showing a lack of strong risk and compliance processes.

2021, a single compromised password led to a ransomware attack that shut down fuel supplies across the U.S. East Coast, causing widespread panic and economic impact. Investigations found poor governance over identity management and a lack of segmented networks, making it easier for attackers to escalate their access.

Each of these cases demonstrates why GRC is the backbone of security. GRC professionals don’t just enforce rules—they prevent breaches, protect data, and enable business continuity. Whether it’s through risk assessments, compliance frameworks, vendor oversight, or incident response planning, a strong GRC function ensures security isn’t just a technical concern but an integrated business priority.

Risk management isn’t just about IT or security — it’s about business resilience. Strong governance over identity access, network segmentation, and incident response can prevent catastrophic failures.

Mercury is growing rapidly, and as we expand beyond, we must continue to build resilience and improve governance. We have a solid foundation but the expansion, renovation, and exploration that come next needs guardrails all along the way. We are looking for a GRC analyst to help build the battens and transoms that will lift up our business continuity and resilience. 

As part of this role, you and your team will:

  • Collaborate with the engineering team to define and enhance the organization's security posture.
  • Apply a deep understanding of Governance, Risk, and Compliance (GRC) principles to engineering initiatives.
  • Work closely with engineering to improve the reliability and security of the business.
  • Implement, monitor, and maintain various security frameworks, with a focus on regulatory compliance standards (e.g., NIST, PCI, CIS).
  • Automate security controls to minimize risks and enhance overall security resilience.

The ideal candidate for the role:

  • Familiarity with standard security frameworks, including NIST, PCI-DSS, CIS, ISO, etc.
  • Strong problem-solving and analytical skills, with the ability to remain composed in high-stress situations.
  • Fundamental understanding of accepted security practices, including troubleshooting, identifying attack vectors, and providing customer support.
  • Knowledge and understanding of cloud services, with a 100% cloud-native approach.

Your Day to Day:

In this role, you will be a tech-savvy professional who excels in communicating governance, risk, and compliance requirements for various technologies. Your immediate responsibilities will include conducting a gap analysis on various frameworks. You will create a comprehensive plan to address and close these gaps, engaging relevant stakeholders throughout the process.

Tools and Technologies:

  • Utilize a range of tools and technologies, including but not limited to:
    • AWS Config, Audit Manager
    • Orca,
    • GitHub
    • Vanta
  • GRC (Governance, Risk, and Compliance) tools

*Mercury is a financial technology company, not a bank. Banking services provided by Choice Financial Group, Column N.A., and Evolve Bank & Trust®; Members FDIC.

The total rewards package at Mercury includes base salary, equity (stock options), and benefits. Our salary and equity ranges are highly competitive within the SaaS and fintech industry and are updated regularly using the most reliable compensation survey data for our industry. New hire offers are made based on a candidate’s experience, expertise, geographic location, and internal pay equity relative to peers.

Our target new hire base salary ranges for this role are the following:

  • US employees in New York City, Los Angeles, Seattle, or the San Francisco Bay Area: USD $151,000-$188,700
  • US employees outside of the New York City, Los Angeles, Seattle, or the San Francisco Bay Area: USD $135,800-$169,800
  • Canadian employees (any location): CAD 142,600-160,500

Mercury values diversity & belonging and is proud to be an Equal Employment Opportunity employer. All individuals seeking employment at Mercury are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation, or any other legally protected characteristic. We are committed to providing reasonable accommodations throughout the recruitment process for applicants with disabilities or special needs. If you need assistance, or an accommodation, please let your recruiter know once you are contacted about a role.

We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on January 22, 2024. Please see the independent bias audit report covering our use of Covey here.

#LI-AC1

 

Similar Jobs

Gaming Innovation Group  - Senior Platform DevOps Engineer

Gaming Innovation Group

St. Julian's, Malta (Hybrid)
1 Month ago
Synechron - Angular Developer

Synechron

Pune, Maharashtra, India (On-Site)
1 Day ago
SYBO - QA Intern - Central Technology

SYBO

Copenhagen, Denmark (On-Site)
2 Months ago
Epic Games - Senior Data Analyst

Epic Games

(On-Site)
2 Months ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

ZiMAD - Project Manager

ZiMAD

(Remote)
2 Months ago
Luxoft - Orchestrade - Azure infrastructure cloud Senior engineer

Luxoft

Poland, Ohio, United States (Remote)
5 Months ago
Drive mode - Mobile Software Engineer - iOS

Drive mode

Mountain View, California, United States (Hybrid)
2 Months ago
Fluence - Controls Software Engineer-II(m/f/d)

Fluence

Berlin, Berlin, Germany (Hybrid)
6 Months ago
Alaan - Backend Engineer

Alaan

Bengaluru, Karnataka, India (On-Site)
7 Months ago
N-iX - Senior/Lead Full Stack Engineer (.NET+React)

N-iX

Colombia (Remote)
2 Months ago
Prophecy - Backend Engineer

Prophecy

Bengaluru, Karnataka, India (On-Site)
1 Day ago
N-iX - Senior Frontend Engineer

N-iX

Poland (Hybrid)
2 Weeks ago
The Walt Disney Company - Principal Software Engineer

The Walt Disney Company

Morrisville, North Carolina, United States (On-Site)
3 Days ago
SailPoint - Sr. Observability Engineer

SailPoint

Pune, Maharashtra, India (On-Site)
1 Day ago

Get notifed when new similar jobs are uploaded

Jobs in San Francisco, California, United States

Instawork - Retail Enterprise Account Executive

Instawork

Chicago, Illinois, United States (Hybrid)
1 Day ago
Payactiv - Marketing Copywriter

Payactiv

Milpitas, California, United States (Hybrid)
6 Months ago
Scale AI - Forward Deployed Engineer - GenAI Quality

Scale AI

San Francisco, California, United States (Hybrid)
1 Day ago
NVIDIA - Senior Solutions Architect, Retail

NVIDIA

Arkansas, United States (Remote)
2 Weeks ago
AGS - American Gaming Systems - Assembler I

AGS - American Gaming Systems

Oklahoma City, Oklahoma, United States (On-Site)
6 Months ago
Next Level Business Services - Adobe Audience Manager

Next Level Business Services

San Leandro, California, United States (On-Site)
6 Months ago
The Walt Disney Company - Manager, User Experience Design - ESPN Fantasy

The Walt Disney Company

New York, New York, United States (On-Site)
2 Weeks ago
Scale AI - Engineering Manager, Contributor Quality

Scale AI

San Francisco, California, United States (Hybrid)
1 Day ago
Google - Senior Software Engineer, Infrastructure, Google Cloud NetInfra

Google

Sunnyvale, California, United States (On-Site)
2 Weeks ago
Google - Senior Software Engineer, Infrastructure, Google Cloud Platforms

Google

Sunnyvale, California, United States (On-Site)
2 Weeks ago

Get notifed when new similar jobs are uploaded

Similar Category Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

About The Company

Mercury is the fintech ambitious companies use for banking* and all their financial workflows. With a powerful bank account at the center of their operations, companies can make better financial decisions and ensure that every dollar spent aligns with company priorities. That's why over 200K startups choose Mercury to confidently run all their financial operations with the precision, control, and focus they need to operate at their best. To learn more, visit Mercury.com.


*Mercury is a financial technology company, not a bank. Banking services provided by Choice Financial Group and Evolve Bank & Trust, Members FDIC.

San Francisco, California, United States (On-Site)

San Francisco, California, United States (On-Site)

San Francisco, California, United States (On-Site)

San Francisco, California, United States (On-Site)

San Francisco, California, United States (On-Site)

San Francisco, California, United States (On-Site)

Melbourne, Victoria, Australia (On-Site)

Dublin, County Dublin, Ireland (On-Site)

View All Jobs

Get notified when new jobs are added by Mercury

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug