About MoonPay
Hi, we’re MoonPay. We’re here to onboard the world to the decentralized economy by making digital money move as universally and effortlessly as the internet.
Why?
Because crypto, stablecoins and blockchain aren’t just technologies. They’re tools for global financial empowerment. They give people and businesses more control over their money, their digital assets, and their future, opening access to legacy financial systems that have been out of reach for many.
What we do
MoonPay is a unified payments platform for digital currency. We make it easy for anyone, anywhere, to buy, sell, swap and pay in digital currencies as easy as sending an email. That simplicity is intentional, our focus is reducing complexity so people can participate confidently, without needing to be crypto experts. We power the entire flow between fiat and crypto end to end, with compliance, identity checks, fraud prevention, and settlement all built in. This end-to-end approach reflects how we work internally: with accountability, rigor, and trust built into everything we ship.
Proven at scale
Trusted by over 30 million customers and over 500 ecosystem partners, our secure, enterprise-grade platform is driving mainstream crypto adoption worldwide. Behind those numbers are millions of real people and organizations relying on MoonPay every day.
We collaborate with innovative brands and projects to build secure, scalable solutions for a blockchain-powered future. This is an opportunity to help shape systems, not just scale them. And we’re committed to doing it right. Fully licensed in the U.S. and regulated across the UK, EU, Canada, and Australia, because trust and compliance are non-negotiable.
But we’re just getting started. We’ve launched a consumer app that makes crypto accessible, intuitive, and usable for everyone, and it’s growing fast. We’re iterating every day to make it the best it can be.
If you believe financial freedom should be for everyone. If you believe in building a fairer, more open financial system - we want you with us. To build systems that benefit all, we need contributions from all, regardless of background.
Come build the future of payments and the decentralized economy with MoonPay. Let’s make financial freedom and autonomy the new normal.
About the Opportunity ✍️
Introduction to the team:
The Information Security Audit team at MoonPay is dedicated to verifying the security and integrity of MoonPay’s internal systems and data in an increasingly complex digital landscape. The Information Security Team is a diverse, multi-cultural group of professionals from around the globe who bring a wealth of expertise and perspectives together to oversee the company’s adherence to regulatory and governance compliance requirements in an efficient, effective, collaborative manner.
The GRC Analyst’s mission is to provide independent, objective assurance and consulting principles to improve MoonPay’s regulatory compliance program by using critical thinking skills to evaluate the effectiveness of our risk management, control, and governance program. Our team’s goal is to enhance and maintain organizational security integrity by identifying risks and inefficiencies, ensuring compliance with a variety of governance frameworks, and offering recommendations for improvement for any gaps identified.
In collaboration with the IT team and other departments, we foster a culture of security awareness, sharing best practices, and ensuring that everyone at MoonPay understands their role in maintaining compliance in a continually evolving environment.
What you will be working with/on…
In this role, you will report to the Director, Information Security Audit & ISMS Program, and work primarily with the TSS and Engineering teams to collect and review evidence in support of MoonPay’s compliance audits. Additionally, you will work with People Ops, Compliance, Legal, and Procurement teams to obtain and review audit-related evidence required from each of these teams.
Key responsibilities : * Providing assurance: Assessing the company’s internal control structure, risk management, and governance processes to confirm each is working as intended. * Improve operations: Looking for ways to improve MoonPay’s efficiency and effectiveness by identifying issues and recommending solutions to management. * Protect organizational value: Safeguarding assets, ensuring compliance with laws and policies, and identifying potential fraud or other concerns. * Offering assistance: Act as an advisor to team members, providing insight and helping to enhance the overall control environment and operational performance. * Promoting governance and ethics: Helping to create and promote a culture of integrity and accountability throughout the organization. * Join us in our commitment to security excellence and help us build a safer future in the blockchain and payments industry!
What you will do: * As a Security Operations Engineer at MoonPay, you will take on a multifaceted role focused on enhancing our compliance posture. Your responsibilities will include: * Become fully knowledgeable with compliance frameworks, e.g., SOC2, ISO 27001, 27701, 27018, PCI-DSS, NIST 800-171, MiCA, and DORA * Become familiar with the scheduling intervals for each framework * Assist team members in gathering evidence in support of our compliance program * Use your critical thinking skills to review the evidence provided * Identify methods and means to manage risks identified during investigations and evidence collections * Advise internal teams on any findings identified, allowing time for remediations before formal review by external auditors * Safeguard assets wherever possible by ensuring the team is aware of the security requirements * Use your skills to evaluate and escalate risks identified to identify appropriate counter-measures or process revisions required to address the risk to the company.
Bonus Qualifications
Certifications: * CISSP, CISM, or equivalent certifications are a plus.
Technical Proficiency: * Proven experience with tools such as: * Google Workspace * Mac OS * SharePoint/GRC Platforms * Okta/Active Directory * Jira/Linear * Ability to understand a variety of technology platforms and how to identify evidence to collect
You are meticulous around evidence collection and have a keen eye for details, organization and time management.
About You :
Experience: * Minimum of 3-5 years in Governance, Risk, and Compliance * Focus on IT Operations, Secure Development, Change Management, Access Control, and Information Security
Security Frameworks: * Performed reviews under at least two of the following: ISO 27001, SOC 2, SOX 404a/b, or PCI-DSS. * Responsible for implementing key security controls
Cybersecurity Principles: * Strong understanding of cybersecurity principles and best practices. * Strict adherence to cybersecurity principles and best practices
Analytical Skills: * Excellent critical thinking, analytical, and problem-solving skills
Organization Skills * Ability to demonstrate completeness and accuracy when providing evidence to audit teams * Ability to maintain organization while collecting large amounts of documentation and evidence
Crisis Management: * Ability to work effectively under pressure. * Capable of handling multiple audit reviews simultaneously.
Communication * Strong communication and interpersonal skills are needed to collaborate with teams across the company.
