Valon

Head of Security, GRC

Head of Security GRC overseeing governance, risk, and compliance for Valon, an AI-native fintech startup. Ensuring security practices for customer data and regulatory requirements are met.

Posted 5/15/2026 • full-time • Remote • 🇺🇸 United States • Lead • 💰 $190,000 - $250,000 per year

Tech Stack

Tools & technologies
Cyber Security

About the role

Key responsibilities & impact
  • Manage and expand Valon's security and privacy compliance program across key frameworks and regulations (e.g., SOC 2, NYDFS Cybersecurity Regulation, FTC Safeguards Rule, CCPA and evolving regulations)
  • Build and scale modern Security GRC capabilities that leverage AI-enabled tools and processes, reducing manual overhead while optimizing risk and compliance operations
  • Support AI security standards development and risk processes
  • Design, develop and monitor technical security controls
  • Lead audit preparation and management
  • Maintain and evolve Valon's risk management practices; facilitate risk assessments across teams and track remediation of identified issues to closure
  • Develop, publish, and maintain security policies, standards, and procedures in partnership with IT, Engineering and Legal
  • Build and mature Valon's Data Governance program including secure data handling practices
  • Enhance BC/DR risk management practices and processes
  • Partner with Engineering and Product to assess security compliance implications of new features, infrastructure changes, and data flows
  • Manage security compliance, regulatory requirements, and customer-facing due diligence, while supporting operational security activities including advisory reviews, incident management, and issue remediation

Requirements

What you’ll need
  • Proven experience owning a security GRC program at a tech or fintech organization
  • Strong experience designing, developing and implementing technical security and privacy controls
  • Deep familiarity with SOC, NYDFS Part 500, FTC Safeguards Rule, and CCPA; experience with NIST CSF, ISO 27001 and related frameworks
  • Hands-on experience building or maturing a data governance program, including classification frameworks, retention policies, and data subject rights workflows
  • Knowledge of BC/DR controls - BIA, RTO/RPO, recovery playbooks, and tabletop exercises
  • Strong track record managing external audits end-to-end — scoping, evidence coordination, findings remediation
  • Familiarity with AI governance and risk frameworks, including assessing security risks introduced by LLM and agentic systems
  • Experience applying AI tools to security and/or GRC processes
  • Ability to translate technical security controls into clear compliance narratives for auditors, customers, and executives
  • Applied knowledge of industry security and compliance frameworks (NIST, CIS, SOC 2/ISO 27001 concepts)
  • Hands-on in both developing and operating security processes day-to-day (builder and operator)
  • Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders
  • Experience working in high-growth or startup environments is a plus
  • 7+ years in progressive security management roles leading security-focused technical GRC, compliance, and/or risk management programs
  • Bachelor's degree in Information Security, Computer Science, Technology or related field
  • Relevant security certifications (e.g., CISSP, CISM, CRISC, CISA or similar)
  • Hands-on experience managing compliance audits such as SOC 2, ISO 27001 and others
  • Experience driving risk management and assessment practices at scale
  • Applied knowledge of data governance processes and standards

Benefits

Comp & perks
  • Base Compensation Band: $190K - $250K.
  • Compensation: Competitive salary with a meaningful stake in the company via equity, and 401k plan
  • Health & well-being: We’ll invest in your physical and mental well-being with comprehensive medical, dental, & vision benefits
  • Commuter benefits: We offer pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient
  • Grow together: Company-wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360-degree feedback
  • Play together: Quarterly budgets for team and company outings. Use it for team swag, cooking classes, or team dinners!
  • Generous time off: Flexible paid time off, sick days, and 11 company holidays
  • Baby bonding time!: 12 weeks off for both birthing and non-birthing parents - fully paid so you can focus your energy on your newest addition

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
  • security GRC program
  • technical security controls
  • data governance program
  • BC/DR controls
  • audit management
  • AI governance frameworks
  • risk management practices
  • compliance narratives
  • security processes
  • risk assessments
Soft Skills
  • communication skills
  • collaboration skills
  • ability to explain complex concepts
  • leadership skills
  • organizational skills
Certifications
  • CISSP
  • CISM
  • CRISC
  • CISA
  • ISO 27001