Senior IT Auditor

Mercury is building a complete finance stack for startups. We work hard to create the easiest and safest banking* experience possible to simplify entrepreneurs' and business owners’ financial lives. To accomplish this mission, not only do we have to build/maintain a magical banking platform but must also develop and uphold the trust and safety of our customers and the financial industry. To contribute to this effort, we’re looking to hire a Senior IT Auditor to support the efforts of our Internal Audit function at Mercury in the execution of our audit plan. You’ll help drive audits internally within Mercury as well as support audits being conducted externally by partners and third parties. In this role, you’ll perform hands-on IT and security audits, assess Mercury’s technology risks and controls, and work cross-functionally to improve Mercury’s control environment.

*Mercury is a financial technology company, not a bank. Banking services provided through Choice Financial Group, Column N.A., and Evolve Bank & Trust, Members FDIC.

As part of the journey, we would expect you to:

• Assist in identifying, analyzing, and assessing risk, specifically IT, cybersecurity, and data security related, throughout Mercury 
• Scope and plan multiple audits across Mercury products and operations
• Conduct process walkthroughs and execute audit testing to confirm the design and operational effectiveness of internal controls
• Assess compliance with Mercury’s compliance obligations
• Socialize, document, and report audit issues identified
• Collaborate with teams to develop appropriate action plans, track audit issue remediation, and conduct issue follow up testing
• Other duties as assigned

Some things that might make you successful in a role like this:

• Have experience scoping and planning new, complex audits  
• Be comfortable conducting walkthroughs, creating audit test plans, and executing internal controls testing
• Have experience working with financial services companies, and have a working knowledge of laws, regulations and risk management standards for financial services
• Familiarity with IT control frameworks (e.g., NIST, ISO 27001, COBIT)
• Have exposure to cloud environments (e.g., AWS) and related security controls
• Experience with security and threat assessments
• Have the ability to quickly grasp and understand complex business processes
• Be able to build relationships/partnerships and work cross-functionally to drive time-sensitive deliverables, issues tracking, and reporting
• Have excellent written and verbal communication skills
• Be able to manage their own schedule to ensure deadlines are met
• Be a self-starter, someone who likes to innovate and think about how we can do things differently to be more efficient and effective

The total rewards package at Mercury includes base salary, equity (stock options), and benefits.

Our salary and equity ranges are highly competitive within the SaaS and fintech industry and are updated regularly using the most reliable compensation survey data for our industry. New hire offers are made based on a candidate’s experience, expertise, geographic location, and internal pay equity relative to peers.

Our target new hire base salary ranges for this role are the following:

• US employees in New York City, Los Angeles, Seattle, or the San Francisco Bay Area: $132,400 - $149,900
• US employees outside of the New York City, Los Angeles, Seattle, or the San Francisco Bay Area: $119,200 - $134,100
• Canadian employees (any location): CAD $125,100 - 140,800

Mercury values diversity & belonging and is proud to be an Equal Employment Opportunity employer. All individuals seeking employment at Mercury are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation, or any other legally protected characteristic. We are committed to providing reasonable accommodations throughout the recruitment process for applicants with disabilities or special needs. If you need assistance, or an accommodation, please let your recruiter know once you are contacted about a role.

We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on January 22, 2024. Please see the independent bias audit report covering our use of Covey here.

#LI-DNI