At Midas, we are working on real-life engineering challenges to transform the world of finance.We’ve transformed investing in Turkey by delivering a seamless experience for everyday investors.Today, 3.5 million users invest with Midas. Backed by an $80M Series B, the largest fintech investment ever in Turkey, we are scaling faster than ever.
At Midas, security is not just a technical domain—it's a business imperative. As a Security Engineer, GRC, you will play a key role in defining, measuring, and improving our security posture through robust governance, clear policies, and effective risk management. You'll collaborate across teams to ensure that our fintech operations are secure, compliant, and aligned with regulatory and industry best practices.
Help build development and enforcement of security policies, standards, and procedures across the organization
Lead efforts to monitor, interpret, and implement regulatory obligations (e.g., KVKK, MASAK, SPK, ISO 27001), and keep the company ready for audits and regulatory changes.
Maintain and evolve our Trust Center to ensure it accurately reflects our security and privacy posture, expanding its scope as new compliance frameworks and business needs emerge.Set standards and deliver policies on data privacy and consumption for internal & external customers
Track, document, and report on the status of security controls, audits, and compliance initiatives
Support the design, implementation, and continuous improvement of the information security governance framework
Collaborate with security, engineering, infrastructure, and product teams to align controls with business and technical processes
Promote security awareness and risk ownership across business units through structured communication and training initiatives
Support internal and external audit processes by coordinating evidence collection, preparing documentation, and ensuring timely remediation of findings
Plan and conduct annual information security risk assessments and third-party vendor evaluations, ensuring all identified risks are documented, prioritized, and remediated in alignment with the company's risk appetite and compliance obligations.
Design, deploy, and maintain technical controls for encryption at rest and in transit, tokenization, and data masking, implement and oversee PAM and Secrets Management solutions.
Proven experience in security governance, risk management, or compliance roles
Solid understanding of information security principles and regulatory frameworks (e.g., ISO 27001, NIST CSF, COBIT, KVKK, SPK)
Familiarity with risk assessment methodologies and tools
Experience in writing and maintaining security documentation and policies
Ability to translate regulatory and technical requirements into actionable internal processes
Strong communication skills with both technical and non-technical audiences
A structured, detail-oriented mindset with a passion for consistency and accuracy
Fluency in English
Nice to have: Experience working in regulated environments such as fintech, banking, or SaaS
Curious about our tech stack?
Take a look: https://stackshare.io/getmidas/midas-engineering
Also check out our engineering blog: https://engineering.getmidas.com/
Midas Engineering Twitter: https://twitter.com/midas_eng
Why Join Us?
Play to Win, Build with the BestCollaborate with the brightest minds, who challenge you to grow every day.
Dare to DisruptBecome an outlier and turn bold ideas into groundbreaking realities.
You will be fully equipped for success:
Great compensation for great talent.Holistic support for health, well being and nutrition.Tools to Thrive – everything you need to perform at your best.
Curious about our tech stack?Explore it here: https://stackshare.io/getmidas/midas-engineeringCheck out our blog for engineering challenges: https://engineering.getmidas.com/Follow Midas engineering X account: https://x.com/midas_eng
Be an Outlier, Build the Future of Money!
BIST, ABD borsaları ve TEFAS fonları Midas'ta!
Kriptonun Midas hali ile tanış.
