GRC Analyst
Mesh · Europe
Job Description
- Company: Mesh
- Location: Remote (Europe)
- Industry: Finance
- Contract: Permanent
- Seniority: Mid-Level
About Mesh
Mesh is building the infrastructure for the next era of global payments, enabling consumers to pay and be paid with any asset. We are bridging the gap between the trillions of dollars in tokenized assets and everyday commerce by making crypto payments reliable, useful, and ubiquitous. Backed by leading investors, we are creating a powerful orchestration engine combined with a seamless consumer app to unlock liquidity worldwide.
About the Role
We are seeking a GRC Analyst to help build the compliance foundation for the future of global crypto payments. This role is instrumental in ensuring Mesh scales securely, responsibly, and with trust at its core as we connect hundreds of exchanges, wallets, and financial platforms into a single open network. You will play a key role in shaping and maturing our Governance, Risk, and Compliance (GRC) program, focusing on initiatives such as SOC 2, MiCA licensing, and U.S. Money Transmitter Licenses. This is a hands-on position offering significant ownership, from managing daily controls and enhancing core compliance processes to collaborating with leadership on navigating complex regulatory landscapes. We are looking for a proactive individual who enjoys building scalable programs and contributing to the infrastructure powering next-generation global payments.
Key Responsibilities
- Own and strengthen the controls environment, ensuring effective implementation and maintenance of compliance requirements.
- Support and mature the GRC program, including SOC 2 operations and alignment with security frameworks like NIST.
- Build and maintain the Business Continuity and Disaster Recovery program, including Business Impact Analyses (BIAs), continuity plans, and recovery runbooks.
- Conduct vendor and third-party risk assessments to support the expansion of our global partner network.
- Support MiCA licensing and U.S. Money Transmitter License applications through due diligence, regulatory responses, and compliance reporting.
- Manage the security issue lifecycle, driving remediation efforts and collaborating with teams to mitigate risk.
- Standardize policies, controls, and compliance processes for scalability across different jurisdictions and regulatory frameworks.
Requirements
- 3–5 years of hands-on GRC experience in an operational environment, with a proven track record of building and managing compliance programs.
- Deep familiarity with at least one major framework such as SOC 2, NIST, PCI, MiCA, NYDFS, or CCPA.
- Experience building or maturing Business Continuity and Disaster Recovery programs, with a strong understanding of how business impact assessments inform recovery strategies.
- Comfortable supporting the full risk lifecycle, including risk assessments, control testing, issue management, and remediation.
- A hands-on builder who excels at improving processes, operationalizing controls, and transforming requirements into scalable programs.
- Proficiency in using AI tools to enhance efficiency and outcomes in areas like policy development, process monitoring, or program management.
- Experience in fintech, crypto, payments, or other regulated industries is a plus.
- Familiarity with GRC platforms such as Vanta, Drata, or Archer is advantageous.
What We Offer
- The opportunity to join a rapidly growing company and tackle complex, impactful problems that are shaping an industry.
- Work alongside a sharp, motivated team that values speed, collaboration, and ownership.
- See your work ship quickly and make a tangible impact.
- Opportunities for rapid professional growth and skill development.
- A front-row seat to scaling a high-growth company from the inside.
- Competitive compensation and benefits.
- A remote-friendly approach, allowing you to work from wherever you are most productive.
- Access to top-tier tools and equipment.
- Comprehensive health coverage for you and your family.
- Unlimited Paid Time Off (PTO).
- A dedicated budget for professional development, including courses, conferences, and certifications.