23h ago

Security and Compliance Manager

Remote

$170k-$185k / year

full-time · lead · Remote

💼 About This Role

You'll own Givebutter's security function, hardening critical systems and driving compliance with SOC 2 and ISO 27001. You'll partner with Product, Design & Engineering to embed security controls into the development lifecycle and manage vendor risk. This role offers high autonomy at a growth-stage fintech empowering nonprofits.

🎯 What You'll Do

  • Codify and execute security roadmap to harden critical systems
  • Partner with PDE to embed security into development lifecycle
  • Own incident response plan end-to-end
  • Manage vendor security risk assessments and penetration testing program

📋 Requirements

  • 7+ years in information security, security engineering, or GRC
  • 4+ years in fintech, payments, or financial services
  • Deep working knowledge of SOC 2, PCI DSS, and one additional framework
  • Hands-on experience with GRC tools like Vanta, Drata, or Secureframe

✨ Nice to Have

  • CISSP, CISM, CISA, or CEH certification
  • Familiarity with AI security frameworks (NIST AI RMF, MITRE ATLAS)
  • Experience with Stripe's platform and compliance tools

🎁 Benefits & Perks

  • 💰 Equity included
  • 🏥 Health insurance
  • 🏖️ Unlimited PTO

📨 Hiring Process

Estimated timeline: 2-3 weeks · AI estimate

  1. Recruiter Screen · 30 min
  2. Hiring Manager Interview · 60 min
  3. Technical Assessment · 90 min