Information Security, Governance Risk, and Compliance Analyst
Mercury•2h ago
CanadaRemoteCA$145K–CA$181.3KFull-time
Top focus
Compliance Officer
- Security failures are rarely caused by a single technical mistake. More often, they stem from gaps in governance, risk management, operational discipline
- accountability. Strong GRC programs help prevent those failures by making security a business priority, not just a technical concern.
- Mercury is growing rapidly
- as we scale, we need to continue building resilience, strengthening governance
- improving the way we manage risk across the company. We have a strong foundation today, but the next phase of growth will require scalable programs, thoughtful controls
- cross functional partnerships that allow Mercury to move quickly without sacrificing security.
- We are looking for an Information Security GRC Analyst to help mature Mercury’s security, risk
- compliance programs. This is not a traditional compliance role focused only on audits and evidence collection. You will help build the systems, processes
- guardrails that support business continuity, customer trust
In This Role, You Will
- Lead and support security risk assessments across products, systems, vendors, and business initiatives.
- Partner with Engineering, Product, IT, Legal, Operations, and other teams to identify, evaluate, and mitigate risk.
- Drive audit readiness and compliance initiatives across frameworks such as SOC 2, PCI DSS, NIST, CIS, and ISO 27001.
- Conduct gap assessments against security and compliance frameworks, then build practical plans to close those gaps.
- Design, implement, and mature scalable governance processes and security controls.
- Help improve Mercury’s business continuity, resilience, and third party risk management programs.
- Translate compliance and risk requirements into clear, actionable guidance for technical and non technical stakeholders.
- Identify opportunities to automate controls, evidence collection, and recurring GRC workflows.
- Help ensure Mercury’s security program remains strong, efficient, and aligned with the speed of the business.
- You may be a good fit if you:
- Have experience scaling security, risk, compliance, or governance programs in a high growth SaaS, fintech, or cloud native environment.
- Understand security frameworks such as SOC 2, PCI DSS, NIST, CIS, and ISO 27001, and can translate them into practical controls.
- Bring strong ownership and project management skills, with a track record of driving cross functional initiatives from concept to completion.
- Are comfortable creating structure from ambiguity and building programs or processes from scratch.
- Take a risk based approach to decision making and can distinguish between theoretical risk and material business risk.
- Communicate clearly with technical and non technical stakeholders.
- Have enough technical depth to partner effectively with engineers and evaluate security controls in cloud native environments.
- Care about building security programs that enable the business rather than slow it down.
- Tools and technologies you may work with:
- AWS Config and AWS Audit Manager
- GitHub
- Vanta
- GRC platforms and workflow tools
- Cloud native security and compliance tooling
- Why this role?
- Mercury is in a stage of growth where the security program is strong, but there is still meaningful opportunity to shape what it becomes. You will not simply inherit mature processes and operate them. You will help define how security governance scales at Mercury.
- This role is ideal for someone who enjoys building, improving
- influencing across the company. You will have the opportunity to work across risk management, compliance, business continuity, third party risk
- security strategy while helping Mercury build one of the strongest security programs in fintech without sacrificing speed or efficiency.
- *Mercury is a fintech company, not an FDIC-insured bank. Banking services provided through Choice Financial Group and Column N.A., Members FDIC.
- The total rewards package at Mercury includes base salary, equity
- benefits. Our salary and equity ranges are highly competitive within the SaaS and fintech industry and are updated regularly using reliable compensation survey data. New hire offers are made based on a candidate’s experience, expertise, geographic location
- internal pay equity relative to peers.
- Our target new hire base salary ranges for this role are:
- US employees in New York City, Los Angeles, Seattle, or the San Francisco Bay Area: $153,400 to $191,800
- US employees outside of New York City, Los Angeles, Seattle, or the San Francisco Bay Area: $138,100 to $172,600
- Canadian employees, any location: CAD 145,000 to CAD 181,300
- Mercury values diversity & belonging and is proud to be an Equal Employment Opportunity employer. All individuals seeking employment at Mercury are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation
- any other legally protected characteristic. We are committed to providing reasonable accommodations throughout the recruitment process for applicants with disabilities or special needs. If you need assistance
- an accommodation, please let your recruiter know once you are contacted about a role.
- #LI-DNI
Required skills
AWSGitHubVantaGRCSOC 2PCI DSSNISTCISISO 27001