Head of Security GRC

About The Position

Requirements

• Proven experience owning a security GRC program at a tech or fintech organization
• Strong experience designing, developing and implementing technical security and privacy controls
• Deep familiarity with SOC, NYDFS Part 500, FTC Safeguards Rule, and CCPA; experience with NIST CSF, ISO 27001 and related frameworks
• Hands-on experience building or maturing a data governance program, including classification frameworks, retention policies, and data subject rights workflows
• Knowledge of BC/DR controls - BIA, RTO/RPO, recovery playbooks, and tabletop exercises
• Strong track record managing external audits end-to-end — scoping, evidence coordination, findings remediation
• Familiarity with AI governance and risk frameworks, including assessing security risks introduced by LLM and agentic systems
• Experience applying AI tools to security and/or GRC processes
• Ability to translate technical security controls into clear compliance narratives for auditors, customers, and executives
• Applied knowledge with industry security and compliance frameworks (NIST, CIS, SOC 2/ISO 27001 concepts)
• Hands-on in both developing and operating security processes day-to-day (builder and operator)
• Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders
• 7+ years in a progressive security management roles leading security focused technical GRC, compliance, and/or risk management programs
• Bachelor's degree in Information Security, Computer Science, Technology or related field
• Relevant security certifications (e.g., CISSP, CISM, CRISC, CISA or similar)
• Hands-on experience managing compliance audits such as SOC 2, ISO 27001 and others
• Experience driving risk management and assessment practices at scale
• Applied knowledge of data governance processes and standards

Nice To Haves

• Experience working in high-growth or startup environments is a plus

Responsibilities

• Manage and expand Valon's security and privacy compliance program across key frameworks and regulations (e.g., SOC 2, NYDFS Cybersecurity Regulation, FTC Safeguards Rule, CCPA and evolving regulations)
• Build and scale modern Security GRC capabilities that leverage AI-enabled tools and processes, reducing manual overhead while optimizing risk and compliance operations
• Support AI security standards development and risk processes
• Design, develop and monitor technical security controls
• Lead audit preparation and management
• Maintain and evolve Valon's risk management practices; facilitate risk assessments across teams and track remediation of identified issues to closure
• Develop, publish, and maintain security policies, standards, and procedures in partnership with IT, Engineering and Legal
• Build and mature Valon's Data Governance program including secure data handling practices
• Enhance BC/DR risk management practices and processes
• Partner with Engineering and Product to assess security compliance implications of new features, infrastructure changes, and data flows
• Manage security compliance, regulatory requirements, and customer-facing due diligence, while supporting operational security activities including advisory reviews, incident management, and issue remediation

Benefits

• Base Compensation Band: $190K - $250K.
• Competitive salary with a meaningful stake in the company via equity, and 401k plan
• Comprehensive medical, dental, & vision benefits
• Pre-tax deductions for public transportation, rideshare services, and parking expenses
• Company wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360 degree feedback
• Quarterly budgets for team and company outings.
• Flexible paid time off, sick days, and 11 company holidays
• 12 weeks off for both birthing and non-birthing parents - fully paid