20h ago

Information Security Engineer - GRC

Brazil

✨ $140k-$180k / year est.

full-time · senior · Remote

🛠 Tech Stack

💼 About This Role

You'll own and mature the trust foundation by operationalizing security controls and driving evidence collection and continuous monitoring. You'll partner with product, engineering, and business teams to reduce risk while enabling speed in a rapidly scaling fintech SaaS platform. You'll also lead SOC 2 Type II audit cycles and develop AI/ML risk assessment frameworks.

🎯 What You'll Do

  • Baseline control library mapped to SOC 2, PCI DSS, and fintech obligations.
  • Implement lightweight evidence collection pipelines for key controls.
  • Lead SOC 2 Type II audit cycle end-to-end.
  • Develop AI/ML risk assessment framework covering model governance.

📋 Requirements

  • 5+ years in GRC, security engineering, or risk management within SaaS or fintech.
  • Proven experience running SOC 2 Type II and working toward ISO 27001.
  • Strong understanding of cloud security controls across AWS and containerized workloads.
  • Ability to translate requirements into actionable, ticketed work with clear owners and due dates.

✨ Nice to Have

  • Experience with privacy programs, PCI readiness, or financial services regulations.
  • Relevant certifications (e.g., CISA, CISSP, ISO 27001 LI/LA, ISO 42001).
  • Familiarity with AI/ML risk frameworks (e.g., NIST AI RMF, ISO 42001).

๐ŸŽ Benefits & Perks

  • ๐Ÿ–๏ธ Remote Flexibility
  • ๐Ÿข Home Office Setup budget
  • ๐Ÿ’ฐ Stock Options
  • โœˆ๏ธ Work Trip Budget
  • ๐Ÿ—“๏ธ 20 PTO days plus national holidays

📨 Hiring Process

Estimated timeline: 2-4 weeks · AI estimate

  1. Recruiter Screen · 30 min
  2. Hiring Manager Interview · 60 min
  3. Technical Interview · 60 min

🚩 Heads Up

  • Role may evolve as business needs change (scope creep potential).
  • Contractor basis with no sponsorship.