InfoSec GRC Analyst in London

About MoonPay

We’re here to onboard the world to the decentralized economy by making digital money move as universally and effortlessly as the internet. Because crypto, stablecoins and blockchain aren’t just technologies. They’re tools for global financial empowerment. They give people and businesses more control over their money, their digital assets, and their future, opening access to legacy financial systems that have been out of reach for many.

MoonPay is a unified payments platform for digital currency. We make it easy for anyone, anywhere, to buy, sell, swap and pay in digital currencies as easy as sending an email. That simplicity is intentional, our focus is reducing complexity so people can participate confidently, without needing to be crypto experts. We power the entire flow between fiat and crypto end to end, with compliance, identity checks, fraud prevention, and settlement all built in. This end-to-end approach reflects how we work internally: with accountability, rigor, and trust built into everything we ship.

Trusted by over 30 million customers and over 500 ecosystem partners, our secure, enterprise-grade platform is driving mainstream crypto adoption worldwide. Behind those numbers are millions of real people and organizations relying on MoonPay every day.

We collaborate with innovative brands and projects to build secure, scalable solutions for a blockchain-powered future. This is an opportunity to help shape systems, not just scale them. And we’re committed to doing it right. Fully licensed in the U.S. and regulated across the UK, EU, Canada, and Australia, because trust and compliance are non-negotiable.

But we’re just getting started. We’ve launched a consumer app that makes crypto accessible, intuitive, and usable for everyone, and it’s growing fast. We’re iterating every day to make it the best it can be.

If you believe financial freedom should be for everyone. If you believe in building a fairer, more open financial system - we want you with us. To build systems that benefit all, we need contributions from all, regardless of background.

Come build the future of payments and the decentralized economy with MoonPay. Let’s make financial freedom and autonomy the new normal.

About the Opportunity

Introduction to the team:

The Information Security Audit team at MoonPay is dedicated to verifying the security and integrity of MoonPay’s internal systems and data in an increasingly complex digital landscape. The Information Security Team is a diverse, multi-cultural group of professionals from around the globe who bring a wealth of expertise and perspectives together to oversee the company’s adherence to regulatory and governance compliance requirements in an efficient, effective, collaborative manner.

The GRC Analyst’s mission is to provide independent, objective assurance and consulting principles to improve MoonPay’s regulatory compliance program by using critical thinking skills to evaluate the effectiveness of our risk management, control, and governance program. Our team’s goal is to enhance and maintain organizational security integrity by identifying risks and inefficiencies, ensuring compliance with a variety of governance frameworks, and offering recommendations for improvement for any gaps identified.

In collaboration with the IT team and other departments, we foster a culture of security awareness, sharing best practices, and ensuring that everyone at MoonPay understands their role in maintaining compliance in a continually evolving environment.

What you will be working with/on…

In this role, you will report to the Director, Information Security Audit & ISMS Program, and work primarily with the TSS and Engineering teams to collect and review evidence in support of MoonPay’s compliance audits. Additionally, you will work with People Ops, Compliance, Legal, and Procurement teams to obtain and review audit-related evidence required from each of these teams.

Key responsibilities

• Providing assurance: Assessing the company’s internal control structure, risk management, and governance processes to confirm each is working as intended.
• Improve operations: Looking for ways to improve MoonPay’s efficiency and effectiveness by identifying issues and recommending solutions to management.
• Protect organizational value: Safeguarding assets, ensuring compliance with laws and policies, and identifying potential fraud or other concerns.
• Offering assistance: Act as an advisor to team members, providing insight and helping to enhance the overall control environment and operational performance.
• Promoting governance and ethics: Helping to create and promote a culture of integrity and accountability throughout the organization.

Join us in our commitment to security excellence and help us build a safer future in the blockchain and payments industry!

What you will do

As a Security Operations Engineer at MoonPay, you will take on a multifaceted role focused on enhancing our compliance posture. Your responsibilities will include:

• Become fully knowledgeable with compliance frameworks, e.g., SOC2, ISO 27001, 27701, 27018, PCI-DSS, NIST 800-171, MiCA, and DORA.
• Become familiar with the scheduling intervals for each framework.
• Assist team members in gathering evidence in support of our compliance program.
• Use your critical thinking skills to review the evidence provided.
• Identify methods and means to manage risks identified during investigations and evidence collections.
• Advise internal teams on any findings identified, allowing time for remediations before formal review by external auditors.
• Safeguard assets wherever possible by ensuring the team is aware of the security requirements.
• Use your skills to evaluate and escalate risks identified to identify appropriate counter-measures or process revisions required to address the risk to the company.

About You

Experience:

• Minimum of 3-5 years in Governance, Risk, and Compliance.
• Focus on IT Operations, Secure Development, Change Management, Access Control, and Information Security.
• Security Frameworks: Performed reviews under at least two of the following: ISO 27001, SOC 2, SOX 404a/b, or PCI-DSS.
• Responsible for implementing key security controls.

Cybersecurity Principles:

• Strong understanding of cybersecurity principles and best practices.
• Strict adherence to cybersecurity principles and best practices.

Analytical Skills:

• Excellent critical thinking, analytical, and problem-solving skills.

Organization Skills:

• Ability to demonstrate completeness and accuracy when providing evidence to audit teams.
• Ability to maintain organization while collecting large amounts of documentation and evidence.

Crisis Management:

• Ability to work effectively under pressure.
• Capable of handling multiple audit reviews simultaneously.

Communication:

• Strong communication and interpersonal skills are needed to collaborate with teams across the company.

Bonus Qualifications:

• Certifications: CISSP, CISM, or equivalent certifications are a plus.
• Technical Proficiency: Proven experience with tools such as Google Workspace, Mac OS, SharePoint/GRC Platforms, Okta/Active Directory, Jira/Linear.
• Ability to understand a variety of technology platforms and how to identify evidence to collect.
• You are meticulous around evidence collection and have a keen eye for details, organization and time management.

BLOCK Values

We’re looking for people who live our core values, those who strive for excellence and want to leave a lasting legacy on the global financial system. Our values:

• B - Be Hungry
• L - Level Up
• O - Own It
• C - Crypto Curious
• K - Kaizen

Research has shown that women are less likely than men to apply for this role if they do not have experience in 100% of these areas. Please know that this list is indicative, and that we would still love to hear from you even if you feel that you are only a 75% match. Skills can be learnt, diversity cannot.

Benefits & Perks

• Competitive salary package.
• Equity package: We believe financial freedom starts with our employees, so all employees have ownership at MoonPay.
• Pay for performance equity bonus: Those who drive outsized outcomes receive outsized rewards.
• Moonshot award: We honor exceptional impact - 10 employees twice a year, each earning a $250,000 equity grant.
• Unlimited holidays: We give you the autonomy to choose when to work (and when to switch off).
• Hybrid working schedule: Work fully remotely or your nearest Moonbase, the choice is yours.
• Private Healthcare benefits: To protect you and your loved ones.
• Enhanced parental leave: So you can spend more time with your loved ones without a second thought.
• Annual training budget: We support your training journey every step of the way.
• Home office setup allowance: Create the home office of your dreams.
• Remote working allowance: Those working fully remotely get a little extra for utilities.
• Monthly budget to spend on our products and zero fee crypto transactions: Cultivate your inner DEGEN.
• Employee referral programme: Great people know great people, refer them to receive 10K in USDC.
• Regular remote company offsites: Meet your colleagues regularly for high impact in person sessions and hackathons.
• Working in a disruptive and fast-growing company where excellence is rewarded.

Commitment To Diversity

At MoonPay we believe that every voice matters. We strive to create a mindful and respectful environment where everyone can bring their authentic self to work, and experience a culture that is free of harassment, racism, and discrimination. That’s why we are committed to diversity and inclusion in the workplace and are a proud equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by law. This policy applies to all employment practices within our organization, including, but not limited to, hiring, recruiting, promotion, termination, layoff, and leave of absence.

MoonPay is also committed to providing reasonable accommodations in our job application procedures for qualified individuals with disabilities. Please inform our Talent Team if you need any assistance completing any forms or to otherwise participate in the application process.