InfoSec GRC Analyst in London

About MoonPay – we’re MoonPay. We’re here to onboard the world to the decentralized economy by making digital money move as universally and effortlessly as the internet. Crypto, stablecoins, and blockchain are tools for global financial empowerment, giving people and businesses more control over their money and digital assets. MoonPay is a unified payments platform that makes buying, selling, swapping, and paying in digital currencies as easy as sending an email. We power the entire flow between fiat and crypto end‐to‐end, with compliance, identity checks, fraud prevention, and settlement built in. Trusted by over 30 million customers and more than 500 ecosystem partners, our secure, enterprise‐grade platform is driving mainstream crypto adoption worldwide. Fully licensed in the U.S. and regulated across the UK, EU, Canada, and Australia, we are committed to trust and compliance while delivering a consumer app that is accessible, intuitive, and growing fast.

About the Opportunity The Information Security Audit team at MoonPay is dedicated to verifying the security and integrity of our internal systems and data. The GRC Analyst's mission is to provide independent, objective assurance and consulting principles to improve MoonPay's regulatory compliance program. In collaboration with IT, People Ops, Compliance, Legal, and Procurement, you will report to the Director of Information Security Audit & ISMS Program and work with TSS and Engineering teams to collect and review evidence in support of our compliance audits.

Key responsibilities

• Assessing the company's internal control structure, risk management, and governance processes to confirm they work as intended.
• Identifying opportunities to improve MoonPay's efficiency and effectiveness by recommending solutions to management.
• Safeguarding assets, ensuring compliance with laws and policies, and identifying potential fraud or other concerns.
• Acting as an advisor to team members, providing insight and helping enhance the overall control environment and operational performance.
• Promoting a culture of integrity and accountability throughout the organization.

What you will do:

• Become fully knowledgeable with compliance frameworks such as SOC 2, ISO 27001, 27701, 27018, PCI‐DSS, NIST 800‐171, MiCA, and DORA.
• Familiarize yourself with scheduling intervals for each framework.
• Assist team members in gathering evidence to support our compliance program.
• Review evidence critically, identify risks, and recommend counter‐measures or process revisions.
• Advise internal teams on findings, enabling remedial action before external audits.
• Safeguard assets by ensuring the team understands security requirements.

About You

• Minimum of 3‐5 years in Governance, Risk, and Compliance.
• Experience with IT Operations, Secure Development, Change Management, Access Control, and Information Security.
• Performed reviews under at least two of the following: ISO 27001, SOC 2, SOX 404A/B, or PCI‐DSS.
• Strong understanding of cybersecurity principles and best practices.
• Excellent critical thinking, analytical, and problem‐solving skills.
• Ability to demonstrate completeness and accuracy when providing evidence to audit teams.
• Organization skills to manage large amounts of documentation and evidence.
• Capacity to work effectively under pressure and handle multiple audit reviews simultaneously.
• Strong communication and interpersonal skills.

Bonus Qualifications & Certifications

• CISSP, CISM, or equivalent certifications.

Technical Proficiency

• Proven experience with tools such as Google Workspace, Mac OS, SharePoint/GRC Platforms, Okta/Active Directory, Jira/Linear.
• Ability to understand a variety of technology platforms and identify evidence to collect.

Values

• Be Hungry
• Level Up
• Own It
• Crypto Curious
• Kaizen

Benefits & Perks

• Competitive salary package with equity components, performance equity bonuses, and a "Moonshot" award offering $250,000 equity grants to 10 employees twice a year.
• Unlimited holidays, hybrid working schedule, private healthcare benefits, enhanced parental leave, annual training budget, home office setup allowance, remote working allowance, a monthly budget for our products, an employee referral program offering 10K USDC, and regular remote company offsites.

Commitment To Diversity

MoonPay believes every voice matters. We foster a respectful environment free from harassment, racism, and discrimination. We are a proud equal‐opportunity employer and commit to inclusivity for all employees, including providing reasonable accommodations for qualified individuals with disabilities and adhering to non‐discriminatory hiring practices.