Security GRC Manager

Credit Genie, Toronto, ON
Onsite

About The Position

Credit Genie is a mobile-first financial wellness platform founded in 2019 by Ed Harycki, backed by Khosla Ventures, and led by industry pioneers. The company leverages artificial intelligence to provide personalized insights, instant access to cash, and credit-building tools, aiming to empower customers for long-term financial stability. We are seeking a Security GRC Manager to lead our security governance, risk, and compliance program in a fast-paced fintech environment. This role is responsible for ensuring our security posture aligns with regulatory requirements, industry standards, and business objectives while enabling innovation and growth. The manager will partner closely with Engineering, Product, IT, Legal, and Compliance teams to design scalable security controls that support a highly regulated financial ecosystem.

Requirements

  • 5–8+ years in information security, with a focus on security risk and compliance
  • Experience in fintech, banking, payments, or other regulated industries
  • Strong knowledge of frameworks (e.g., SOC 2, ISO 27001, NIST CSF, PCI DSS, CIS CSC)
  • Experience managing audits and working with external auditors (SOC 2 and/or PCI DSS)
  • Familiarity with U.S. regulatory requirements (e.g., GLBA, FFIEC guidance)
  • Excellent communication skills, including executive-level reporting

Nice To Haves

  • Certifications such as CISSP, CISM, CRISC, or CISA
  • Experience with cloud environments (AWS)
  • Knowledge of privacy regulations (e.g., CCPA, CPRA)
  • Experience building or scaling security GRC programs in a high-growth company
  • Familiarity with compliance automation platforms such as Vanta

Responsibilities

  • Develop, maintain, and enforce information security policies, standards, and procedures
  • Align security governance with frameworks such as NIST CSF, ISO 27001, SOC 2, and PCI DSS
  • Establish security metrics and reporting for leadership and board-level visibility
  • Lead enterprise risk assessments, including company security risk profile and third-party risk evaluations
  • Maintain and evolve a security risk register, including tracking and remediation efforts
  • Partner with Engineering and IT to prioritize and mitigate security risks across systems and infrastructure
  • Own and manage security and privacy compliance obligations (e.g., SOC 2 Type II, PCI DSS, GLBA, FFIEC)
  • Coordinate internal and external audits, including evidence collection and auditor engagement
  • Monitor regulatory changes in the areas of security and privacy that impact the company, and ensure continuous compliance
  • Implement and manage third-party risk management (TPRM) processes
  • Conduct outbound security due diligence of vendors and partners
  • Support inbound security due diligence from vendors, partners, and investors
  • Track ongoing vendor compliance and risk posture
  • Lead company-wide security awareness programs
  • Promote a culture of security across technical and non-technical teams
  • Work with Legal, Compliance, and Privacy teams on regulatory obligations and data protection
  • Support incident response from a compliance and reporting perspective
  • Provide guidance during product development to ensure secure-by-design practices
  • Provide support to Product, Engineering and IT regarding security best practices and compliance obligations

Benefits

  • 100% company-paid medical, dental, and vision coverage for you and your dependents on your first day of employment
  • Up to $100 per month in fitness reimbursement or a complimentary full membership to LifeTime Fitness or Equinox
  • 401(k) with a 3.5% match and immediate vesting
  • Meal program available for both lunch and dinner
  • Pre-tax benefits, including a $1,000 HSA match
  • Life and accidental insurance
  • Flexible PTO
  • Short- and long-term disability insurance
  • Eligibility to participate in bonus and equity programs