Getmidas12mo ago

Security Engineer, GRC

Türkiye·IstanbulPermanent Full-Timemid

EngineeringSecuritySecurity EngineerCybersecurity

0 views0 saves0 applied

Apply Now

Quick Summary

Requirements Summary

Experience working in regulated environments such as fintech, banking, or SaaS

Technical Tools

EngineeringSecuritySecurity EngineerCybersecurity

At Midas, we are working on real-life engineering challenges to transform the world of finance.

We’ve transformed investing in Turkey by delivering a seamless experience for everyday investors.

Today, 3.5 million users invest with Midas. Backed by an $80M Series B, the largest fintech investment ever in Turkey, we are scaling faster than ever.

At Midas, security is not just a technical domain—it's a business imperative. As a Security Engineer, GRC, you will play a key role in defining, measuring, and improving our security posture through robust governance, clear policies, and effective risk management. You'll collaborate across teams to ensure that our fintech operations are secure, compliant, and aligned with regulatory and industry best practices.

Help build development and enforcement of security policies, standards, and procedures across the organization

Lead efforts to monitor, interpret, and implement regulatory obligations (e.g., KVKK, MASAK, SPK, ISO 27001), and keep the company ready for audits and regulatory changes.

Maintain and evolve our Trust Center to ensure it accurately reflects our security and privacy posture, expanding its scope as new compliance frameworks and business needs emerge.Set standards and deliver policies on data privacy and consumption for internal & external customers

Track, document, and report on the status of security controls, audits, and compliance initiatives

Support the design, implementation, and continuous improvement of the information security governance framework

Collaborate with security, engineering, infrastructure, and product teams to align controls with business and technical processes

Promote security awareness and risk ownership across business units through structured communication and training initiatives

Support internal and external audit processes by coordinating evidence collection, preparing documentation, and ensuring timely remediation of findings

Plan and conduct annual information security risk assessments and third-party vendor evaluations, ensuring all identified risks are documented, prioritized, and remediated in alignment with the company's risk appetite and compliance obligations.

Design, deploy, and maintain technical controls for encryption at rest and in transit, tokenization, and data masking, implement and oversee PAM and Secrets Management solutions.

Proven experience in security governance, risk management, or compliance roles

Solid understanding of information security principles and regulatory frameworks (e.g., ISO 27001, NIST CSF, COBIT, KVKK, SPK)

Familiarity with risk assessment methodologies and tools

Experience in writing and maintaining security documentation and policies

Ability to translate regulatory and technical requirements into actionable internal processes

Strong communication skills with both technical and non-technical audiences

A structured, detail-oriented mindset with a passion for consistency and accuracy

Fluency in English

Nice to have: Experience working in regulated environments such as fintech, banking, or SaaS