Posted 13 months ago

Security Engineer, GRC

İstanbul, TurkeyOn-siteFull-time

AI Summary

Security Engineer focusing on governance, risk, and compliance. Defines and enforces security policies, tracks regulatory obligations, and supports audits.

About this role

At Midas, we are working on real-life engineering challenges to transform the world of finance.

We’ve transformed investing in Turkey by delivering a seamless experience for everyday investors.

Today, 3.5 million users invest with Midas. Backed by an $80M Series B, the largest fintech investment ever in Turkey, we are scaling faster than ever.

At Midas, security is not just a technical domain—it's a business imperative. As a Security Engineer, GRC, you will play a key role in defining, measuring, and improving our security posture through robust governance, clear policies, and effective risk management. You'll collaborate across teams to ensure that our fintech operations are secure, compliant, and aligned with regulatory and industry best practices.

What You’ll Do

Help build development and enforcement of security policies, standards, and procedures across the organization

Lead efforts to monitor, interpret, and implement regulatory obligations (e.g., KVKK, MASAK, SPK, ISO 27001), and keep the company ready for audits and regulatory changes.

Maintain and evolve our Trust Center to ensure it accurately reflects our security and privacy posture, expanding its scope as new compliance frameworks and business needs emerge.Set standards and deliver policies on data privacy and consumption for internal & external customers

Track, document, and report on the status of security controls, audits, and compliance initiatives

Support the design, implementation, and continuous improvement of the information security governance framework

Collaborate with security, engineering, infrastructure, and product teams to align controls with business and technical processes

Promote security awareness and risk ownership across business units through structured communication and training initiatives

Support internal and external audit processes by coordinating evidence collection, preparing documentation, and ensuring timely remediation of findings

Plan and conduct annual information security risk assessments and third-party vendor evaluations, ensuring all identified risks are documented, prioritized, and remediated in alignment with the company's risk appetite and compliance obligations.

Design, deploy, and maintain technical controls for encryption at rest and in transit, tokenization, and data masking, implement and oversee PAM and Secrets Management solutions.

What You’ll Bring:

Proven experience in security governance, risk management, or compliance roles

Solid understanding of information security principles and regulatory frameworks (e.g., ISO 27001, NIST CSF, COBIT, KVKK, SPK)

Familiarity with risk assessment methodologies and tools

Experience in writing and maintaining security documentation and policies

Ability to translate regulatory and technical requirements into actionable internal processes

Strong communication skills with both technical and non-technical audiences

A structured, detail-oriented mindset with a passion for consistency and accuracy

Fluency in English

Nice to have: Experience working in regulated environments such as fintech, banking, or SaaS

Skills

AuditsCOBITData MaskingData Privacy ControlsEncryption At RestEncryption In TransitInformation Security GovernanceISO 27001KVKKNIST CSFPAMPolicy DevelopmentRegulatory FrameworksRisk Assessment MethodologiesRisk ManagementSecrets ManagementSecurity ControlsSecurity DocumentationSecurity Governance FrameworkSecurity PoliciesSPKTokenizationVendor Risk Assessments

Explore related jobs

More jobs at Midas

Similar Audits jobs

Browse these categories

Remote Jobs Audits Jobs Policy Development Jobs Risk Management Jobs Jobs in Türkiye