Security and Compliance Manager
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Security & Compliance Manager responsible for enhancing security and compliance at Givebutter. Leading security roadmap, certifications, and incident responses in a growth-stage fintech.
Responsibilities:
- Codify and execute the security roadmap for the organization, prioritizing the further hardening of critical systems (payment infrastructure, donor data stores, authentication flows, API integrations) and ensuring compliance with applicable laws (e.g., data privacy and security).
- Partner directly with PDE leadership to embed security controls into the development lifecycle: threat modeling, secure code review, vulnerability management, and CI/CD pipeline security tooling (SAST, DAST, SCA)
- Own the security incident response plan end-to-end: detection, containment, investigation, notification, remediation, and post-incident review
- Work with IT to drive identity and access management improvements, including role-based access controls, MFA enforcement, endpoint security, and session management
- Develop a deep understanding of fraud vectors in the fundraising and payments space—stolen cards, synthetic identities, friendly fraud, campaign abuse—and help us build systems that adapt as threats evolve.
- Manage vendor security risk assessments for third-party tools, integrations, and sub-processors, with continuous monitoring rather than annual check-ins
- Own the penetration testing program: vendor relationships, testing cadence, findings translation into engineering tickets, and remediation tracking to closure
- Develop and deliver security awareness training for all employees, with targeted modules for PDE, CX, and leadership audiences
- Lead SOC 2 Type II certification end-to-end: gap analysis, control design, evidence collection, remediation tracking, auditor coordination, and ongoing maintenance
- Build the roadmap toward ISO 27001 certification as the security program matures
- Serve as primary owner of our GRC platform (Vanta): driving task completion, monitoring compliance gaps, triaging findings, and ensuring remediation owners are accountable
- Manage all external auditor and certification body relationships
- Build and maintain evidence repositories that support continuous (not just point-in-time) compliance
- Prepare board-ready compliance status reports and risk summaries quarterly
- With the General Counsel’s guidance, own all required licenses, registrations, and regulatory filings across US jurisdictions, including state charitable fundraising platform registrations and other licenses
- Manage the Trust Center: content accuracy, access approvals, and customer-facing compliance documentation
Requirements:
- 7+ years of experience in information security, security engineering, GRC, or a related field, with at least 4 years in a fintech, payments, or financial services environment
- Have hands-on experience hardening production systems at a growth-stage company, not just writing policies about them
- Possess deep working knowledge of SOC 2, PCI DSS, and at least one additional framework (NIST CSF, CIS Controls, ISO 27001)
- Understand modern AI-era threat vectors and can articulate a defensive strategy against them
- Have technical fluency: you can read a cloud infrastructure diagram, understand why a GitHub permissions model matters, evaluate a pen test report, and translate all of it into actionable guidance for engineering teams
- Have managed GRC tools hands-on (Vanta, Drata, Secureframe, or similar) and driven remediation workflows to closure, not just monitored dashboards
- Have led external audits end-to-end: auditor relationships, evidence collection, findings remediation, and board-level reporting
- Can build programs, not just maintain them: you thrive in environments where the playbook doesn't exist yet and you need to write it
- Communicate complex security and regulatory topics in plain language to non-technical stakeholders
- Have strong judgment about when to escalate, when to act independently, and when to push back.
Benefits:
- Remote Work: Work remotely from one of our 10 hubs (Austin, Denver, Indianapolis, Los Angeles, San Francisco, New York, Salt Lake City, Minneapolis, Seattle, and Nashville).
- Health Insurance: We offer Medical, Dental, and Vision insurance covered 100% for employees as well as HSA and FSA accounts.
- Dependent Care Coverage: We offer coverage for dependents, with 50% of Medical, Dental, and Vision premiums covered for all eligible dependents.
- Mental Health: Givebutter health insurance plans come with access to a TalkSpace membership.
- 401k: We offer a 3% 401k match for all eligible employee's.
- Vacation and Holidays: Givebutter offers a Flexible PTO policy with uncapped vacation days and company-recognized holidays.
- Wellness Week: Givebutter closes for one week each summer to prioritize rest and recharge for the entire team.
- Parental Leave: We offer 12 weeks of paid leave for all parents and comprehensive leave planning management through Aidora.
- Family Care Support: Access a company-paid UrbanSitter membership plus care credits to book trusted, background-checked caregivers for childcare, senior care, pet care, and household support when you need it most.
- Home Office Stipend: Upgrade your home office with company-sponsored expenses, including high-quality laptops, monitors, and modern technology.
- Coworking Stipend: Enjoy a monthly stipend that gives you the freedom to work from coworking spaces or cafés whenever you need connection, community, or a change of scenery.
- Charitable Giving: Employees are encouraged to donate up to $50/month to any verified nonprofit they wish to support on Givebutter.
- Professional Development: We offer learning and development reimbursement opportunities.
- Love What You Do: We are a mission-driven company serving the charitable sector. Feel good about the work you're doing and the company you work for.
Similar Jobs
FedRAMP Security Consultant
FedRAMP Security Consultant supporting cloud service providers in readiness assessments and compliance initiatives. Collaborating with cybersecurity professionals in a remote work environment.
Vice President, Information Security
Vice President of Information Security leading cybersecurity initiatives at LifeMD, a telehealth provider. Focusing on data protection and regulatory compliance in a mission-critical healthcare environment.
Cybersecurity
Cybersecurity position focused on continuous monitoring and incident management in a collaborative tech environment. Seeking individuals eager to enhance security practices.
Lead Product Security Engineer
Lead Product Security Engineer responsible for application and infrastructure security at Aalyria. Reporting to Director of Security & IT while mentoring engineers on security practices.
Experienced Information Security Engineer
Information Security Engineer conducting vulnerability assessments for complex environments at Gainwell Technologies. Collaborating with IT Operations and leadership for security management and compliance.
Head of Security Engineering
Head of Security Engineering at Suno, defining and leading security strategy for an AI music platform. Building and leading a high-performing security engineering organization with collaboration across various teams.
Senior Cyber Architect – OT Security
Senior role at EY in Cyber Security developing and implementing OT Security solutions for clients. Involvement in monitoring, analysing, and responding to security alerts in OT environments.
Staff Cyber Architect – OT Security, Engineering
Join EY as a Staff in Cyber Security focusing on OT security. Conduct assessments, support vulnerability management, and assist clients in improving security posture.
Software Engineer V – Security Engineer
Software Engineer V at Mighty Acorn focusing on embedding security in product teams. Ensuring compliance and data protection across digital services for government agencies.
Software Engineer I – Salesforce Integration, Tier 2 Security Clearance
Software Engineer I providing engineering support for Salesforce integration to federal contact center program. Must have Tier 2 Security Clearance and up to 3 years of experience.
Senior Developer III – Salesforce Integration, Tier 2 Security Clearance
Senior Developer responsible for Salesforce CRM integration solutions. Providing technical guidance and leading integration architecture decisions for federal contact center projects.
Developer I – Salesforce Integration, Tier 2 Security Clearance
Developer I supporting the development and testing of Salesforce CRM integrations. Working remotely at M&S Consulting with an emphasis on technical qualifications and active clearance.
Security Consultant
Security Consultant driving production efficiency within design team at Ares Technology. Supporting design department in delivering high-quality, mission-critical projects.
Senior Functional Consultant – HCM, HCM Security, Recruiting
Senior Functional Consultant assisting customers in overcoming HR technology challenges and maximizing Workday's value. Engaging in various consulting services while collaborating with clients.
Senior Security Engineer
Senior Security Engineer focusing on security operations in software development pipelines for a sustainable infrastructure company. Collaborating with IT and DevOps teams in a remote setting.
Cybersecurity Project Manager – Contract
Cybersecurity Project Manager in Technology Program Management Office overseeing cybersecurity project delivery. Requires extensive experience in cybersecurity, risk, compliance, controls, and audits.
Data Protection & AI Security, Staff Engineer
Staff Engineer leading strategic data protection and AI security initiatives at The Hershey Company. Collaborating with cross-functional teams to protect sensitive data and manage emerging risks.
Senior Cybersecurity Engineer
Cybersecurity Engineer responsible for protecting technology environments and delivering threat detection capabilities. Collaborating with IT, OT, and operations to strengthen operational security and compliance.
Senior Cybersecurity Engineer, Threat Detection and Response
Cybersecurity Engineer managing threat detection and response within Starbucks Security Operations Center. Leveraging expertise in cybersecurity and advanced log analysis to mitigate threats and support IT security.
Head of Security
Head of Security operating the information security program at Anomaly. Focused on enabling rapid product development while maintaining security and compliance.