Head of Security, GRC
Job Description
The Head of Security GRC oversees governance, risk, and compliance for Valon, an AI-native fintech startup, ensuring that security practices protect customer data and that regulatory requirements are met.
Responsibilities:
- Manage and expand Valon's security and privacy compliance program across key frameworks and regulations (e.g., SOC 2, NYDFS Cybersecurity Regulation, FTC Safeguards Rule, CCPA and evolving regulations)
- Build and scale modern Security GRC capabilities that leverage AI-enabled tools and processes, reducing manual overhead while optimizing risk and compliance operations
- Support AI security standards development and risk processes
- Design, develop and monitor technical security controls
- Lead audit preparation and management
- Maintain and evolve Valon's risk management practices; facilitate risk assessments across teams and track remediation of identified issues to closure
- Develop, publish, and maintain security policies, standards, and procedures in partnership with IT, Engineering and Legal
- Build and mature Valon's Data Governance program including secure data handling practices
- Enhance BC/DR risk management practices and processes
- Partner with Engineering and Product to assess security compliance implications of new features, infrastructure changes, and data flows
- Manage security compliance, regulatory requirements, and customer-facing due diligence, while supporting operational security activities including advisory reviews, incident management, and issue remediation
Requirements:
- Proven experience owning a security GRC program at a tech or fintech organization
- Strong experience designing, developing and implementing technical security and privacy controls
- Deep familiarity with SOC, NYDFS Part 500, FTC Safeguards Rule, and CCPA; experience with NIST CSF, ISO 27001 and related frameworks
- Hands-on experience building or maturing a data governance program, including classification frameworks, retention policies, and data subject rights workflows
- Knowledge of BC/DR controls - BIA, RTO/RPO, recovery playbooks, and tabletop exercises
- Strong track record managing external audits end-to-end — scoping, evidence coordination, findings remediation
- Familiarity with AI governance and risk frameworks, including assessing security risks introduced by LLM and agentic systems
- Experience applying AI tools to security and/or GRC processes
- Ability to translate technical security controls into clear compliance narratives for auditors, customers, and executives
- Applied knowledge with industry security and compliance frameworks (NIST, CIS, SOC 2/ISO 27001 concepts)
- Hands-on in both developing and operating security processes day-to-day (builder and operator)
- Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders
- Experience working in high-growth or startup environments is a plus
- 7+ years in progressive security management roles leading security-focused technical GRC, compliance, and/or risk management programs
- Bachelor's degree in Information Security, Computer Science, Technology or related field
- Relevant security certifications (e.g., CISSP, CISM, CRISC, CISA or similar)
- Hands-on experience managing compliance audits such as SOC 2, ISO 27001 and others
- Experience driving risk management and assessment practices at scale
- Applied knowledge of data governance processes and standards
Benefits:
- Base Compensation Band: $190K - $250K.
- Compensation: Competitive salary with a meaningful stake in the company via equity, and 401k plan
- Health & well-being: We’ll invest in your physical and mental well-being with comprehensive medical, dental, & vision benefits
- Commuter benefits: We offer pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient
- Grow together: Company wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360 degree feedback
- Play together: Quarterly budgets for team and company outings. Use it for team swag, cooking classes, or team dinners!
- Generous time off: Flexible paid time off, sick days, and 11 company holidays
- Baby bonding time!: 12 weeks off for both birthing and non-birthing parents - fully paid so you can focus your energy on your newest addition