Security GRC Analyst - FinTech

Apoynt - New York, NY
10d - Onsite

About The Position

We are a vertically integrated financial services and infrastructure firm, focused on emerging asset classes and committed to market-leading regulatory compliance and operational excellence. We build secure, scalable financial infrastructure for core financial services. Our mission is to bring institutional-grade rigor to this emerging asset class, serving leading banks, insurers, and corporations seeking to integrate digital assets into their core businesses. Our technology group is central to this mission, designing and operating the platforms that power custody, trading, payments, and mining, with deep roots in security, distributed systems, and applied cryptography.

Our parent company is a New York-based holding company focused on alternative asset management, digital assets, and insurance solutions. Across all of our businesses, we operate by a set of non-negotiable core values: Be Humble. Be Kind. Focus. We are transforming into an AI-first organization, embedding artificial intelligence across every layer of our businesses to accelerate innovation, elevate operational excellence, and unlock new investment capabilities.

In this critical role, you will help strengthen and mature the company's security Governance, Risk, and Compliance (GRC) capabilities. Working closely with security, engineering, legal, compliance, and business partners, you will develop a deep understanding of the company's technology and risk landscape. Your primary goal will be to help ensure that our security posture is resilient, well-governed, and continuously improving. You will support the development of core security policies, assist with risk assessments, audits, and examinations, and help the business make informed decisions about security and technology strategy.

Ideal candidates are self-driven problem solvers with strong analytical abilities, comfort with ambiguity, and a genuine interest in security and emerging technologies. We value curiosity, multidisciplinary thinking, and technical acumen. You will thrive in this role if you enjoy learning, collaborating across functions, and taking ownership of complex problems.

Requirements

  • At least 3 years of experience in security, technology, engineering, or legal/compliance roles.
  • Foundational understanding of core cybersecurity principles (e.g., identity management, network security, data protection).
  • Familiarity with cloud-computing concepts and the shared-responsibility model (IaaS, PaaS, SaaS).
  • Knowledge of risk-management fundamentals, including threat, vulnerability, impact, and likelihood assessment.
  • Working knowledge of common security frameworks and standards (e.g., NIST CSF, SOC 2, ISO 27001, CIS Controls).
  • Multidisciplinary exposure across domains such as legal, compliance, operations, engineering, IT, finance, or HR.
  • Proficiency in at least one core GRC function, such as policy and procedure administration, audit and exam management, security risk management, or KPI/KRI monitoring and reporting.
  • Strong analytical and critical-thinking skills.
  • Excellent written and verbal communication skills, including the ability to translate technical concepts for non-technical audiences.
  • Solid documentation skills (policies, procedures, clear risk narratives) and the ability to collaborate with technical teams and synthesize information quickly.

Nice To Haves

  • 2+ years of direct GRC experience.
  • Experience in financial services or other highly regulated industries.
  • Familiarity with regulatory cybersecurity rules (e.g., a specific state-level cybersecurity regulation) or similar frameworks.
  • Background in a technical role (engineering, IT, security operations) and hands-on experience with security tooling, cloud platforms, and SaaS administration.
  • Demonstrated passion for cybersecurity and emerging technologies.

Responsibilities

  • Assist in developing, maintaining, and improving security policies, standards, and procedures, including facilitating exception-management workflows.
  • Support internal and external audits, examinations, and risk assessments, encompassing documentation, evidence collection, and tracking remediation activities.
  • Partner with technology and business teams (engineering, IT, product) to understand new technologies, identify associated risks, and develop security requirements that support compliance with internal and external obligations.
  • Manage third-party security risk, including due diligence on prospective and current vendors and responding to security due-diligence requests from clients and partners.
  • Track and report key security metrics, compliance obligations, and risk-related workflows to senior leadership.
  • Maintain situational awareness of emerging technologies, threats, and governance trends within the industry.
  • Work independently with minimal context, escalating appropriately, and consistently following through on all deliverables.

Benefits

  • Highly competitive compensation package.
  • Generous benefits package including unmetered PTO and employer-sponsored healthcare options.
  • 401k program with company match (for eligible employees).
  • Access to virtual medical care, a dedicated benefit concierge, employer-sponsored tax preparation services, and more!