Grc Analyst

at Mercury
  • $102k-$188k
  • Remote - United States, Canada

Remote

Business

Mid-level

Job description

In 2001, a prominent corporate fraud scandal led to the Sarbanes-Oxley Act (SOX) of 2002, which introduced strict regulations on financial reporting and internal controls. While SOX was primarily focused on corporate governance, it became a foundational moment for IT controls and compliance—forcing companies to establish stronger audit trails, risk management processes, and accountability in IT systems.

2017, In one of the most infamous data breaches in history, the personal information of 147 million people was exposed due to an unpatched vulnerability. The breach wasn’t just a technical failure—it was a breakdown in governance and risk management. A known vulnerability had been disclosed, but it wasn’t properly tracked or remediated, showing a lack of strong risk and compliance processes.

2021, a single compromised password led to a ransomware attack that shut down fuel supplies across the U.S. East Coast, causing widespread panic and economic impact. Investigations found poor governance over identity management and a lack of segmented networks, making it easier for attackers to escalate their access.

Each of these cases demonstrates why GRC is the backbone of security. GRC professionals don’t just enforce rules—they prevent breaches, protect data, and enable business continuity. Whether it’s through risk assessments, compliance frameworks, vendor oversight, or incident response planning, a strong GRC function ensures security isn’t just a technical concern but an integrated business priority.

Risk management isn’t just about IT or security — it’s about business resilience. Strong governance over identity access, network segmentation, and incident response can prevent catastrophic failures.

Mercury is growing rapidly, and as we expand beyond, we must continue to build resilience and improve governance. We have a solid foundation but the expansion, renovation, and exploration that come next needs guardrails all along the way. We are looking for a GRC analyst to help build the battens and transoms that will lift up our business continuity and resilience.

As part of this role, you and your team will:

  • Collaborate with the engineering team to define and enhance the organization’s security posture.
  • Apply a deep understanding of Governance, Risk, and Compliance (GRC) principles to engineering initiatives.
  • Work closely with engineering to improve the reliability and security of the business.
  • Implement, monitor, and maintain various security frameworks, with a focus on regulatory compliance standards (e.g., NIST, PCI, CIS).
  • Automate security controls to minimize risks and enhance overall security resilience.

The ideal candidate for the role:

  • Familiarity with standard security frameworks, including NIST, PCI-DSS, CIS, ISO, etc.
  • Strong problem-solving and analytical skills, with the ability to remain composed in high-stress situations.
  • Fundamental understanding of accepted security practices, including troubleshooting, identifying attack vectors, and providing customer support.
  • Knowledge and understanding of cloud services, with a 100% cloud-native approach.

Your Day to Day:

In this role, you will be a tech-savvy professional who excels in communicating governance, risk, and compliance requirements for various technologies. Your immediate responsibilities will include conducting a gap analysis on various frameworks. You will create a comprehensive plan to address and close these gaps, engaging relevant stakeholders throughout the process.

Tools and Technologies:

  • Utilize a range of tools and technologies, including but not limited to:

    • AWS Config, Audit Manager
    • Orca,
    • GitHub
    • Vanta

  • GRC (Governance, Risk, and Compliance) tools

* Mercury is a financial technology company, not a bank. Banking services provided by Choice Financial Group, Column N.A., and Evolve Bank & Trust®; Members FDIC.

The total rewards package at Mercury includes base salary, equity (stock options), and benefits. Our salary and equity ranges are highly competitive within the SaaS and fintech industry and are updated regularly using the most reliable compensation survey data for our industry. New hire offers are made based on a candidate’s experience, expertise, geographic location, and internal pay equity relative to peers.

Our target new hire base salary ranges for this role are the following:

  • US employees (any location): USD $151,000-$188,700
  • Canadian employees (any location): CAD 142,600-160,500

Mercury values diversity & belonging and is proud to be an Equal Employment Opportunity employer. All individuals seeking employment at Mercury are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation, or any other legally protected characteristic. We are committed to providing reasonable accommodations throughout the recruitment process for applicants with disabilities or special needs. If you need assistance, or an accommodation, please let your recruiter know once you are contacted about a role.

We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on January 22, 2024. Please see the independent bias audit report covering our use of Covey here.

#LI-AC1

Share this job:
Please let Mercury know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Mercury logo

Mercury

Fintech for ambitious companies

  • 201-500 employees
  • Founded in 2017
  • 50 remote jobs
View all jobs

Latest Jobs at Mercury

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply