Operationalize security controls and drive evidence collection and continuous monitoring.
Partner with product, engineering, and business teams to reduce risk while enabling speed.
Lead SOC 2 Type II audit cycle end-to-end, including auditor coordination, population requests, and walkthroughs.
Roll out a vendor risk management workflow integrated with procurement and Legal.
Define secure SDLC checkpoints and automate evidence from GitHub, CI, and cloud.
Drive PCI DSS certification readiness, including SoA ownership and internal audits.
Establish KPIs/KRIs and dashboards for control effectiveness and risk trends consumed by execs and customers.
Mature incident response playbooks and conduct at least one cross-functional tabletop with measurable improvements.
Requirements
5+ years in GRC, security engineering, or risk management within SaaS or fintech environments.
Proven experience running SOC 2 Type II and working toward ISO 27001, including evidence automation and auditor interactions.
Strong understanding of cloud security controls across AWS, containerized workloads, and modern CI/CD.
Practical knowledge of secure SDLC, vulnerability management, identity and access management, and third‑party risk.
Ability to translate requirements into actionable, ticketed work with clear owners and due dates.
Excellent written communication for policies, customer questionnaires, and exec‑level reporting.
Nice to have: experience with privacy programs, PCI readiness, or financial services regulations; relevant certs (e.g., CISA, CISSP, ISO 27001 LI/LA) are a plus.
Benefits
Remote Flexibility: Enjoy the freedom of remote work from anywhere, balancing life and career seamlessly.
Unforgettable Off-Sites: Twice a year, bond with colleagues in exciting destinations, fostering teamwork and fresh ideas.
Paid Time Off and National Holidays: Enjoy 20 PTO days yearly and the National Holidays for relaxation and rejuvenation.
Stock Options: Joining us means having a stake in our success, so you'll receive stock options as part of your compensation package.
Home Office Setup: Create your ideal workspace with a dedicated budget for home office essentials.
Work Trip Budget: Grow personally and professionally with a budget for work-related trips and co-working.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
GRC, security engineering, risk management, SOC 2 Type II, ISO 27001, cloud security controls, secure SDLC, vulnerability management, identity and access management, evidence automation
Soft skills
communication, collaboration, leadership, organizational, problem-solving, analytical thinking, attention to detail, cross-functional teamwork, actionable requirements translation, measurable improvements