Scale, automate, and optimize existing GRC, compliance, and customer assurance programs, including security questionnaires, evidence requests, trust center content, and knowledge base.
Optimize and automate an existing third-party risk program by improving risk signal quality, automating evidence collection, and reducing assessment cycle time.
Evaluate, implement and maintain GRC tooling (Vanta, Drata, SafeBase, etc.) with a focus on AI-powered automation to minimize operational overhead.
Mature existing SOC 2 program by strengthening continuous controls monitoring, reducing audit prep effort, and increasing confidence in automated evidence completeness.
Research, recommend and implement additional frameworks and attestations (ISO 27001, CSA STAR, etc.) to position Monarch as a security leader in personal finance.

3-5 years operating and scaling mature GRC, compliance, or customer assurance programs in high-growth environments.
Hands-on experience with customer assurance (security questionnaires, evidence requests, RFPs).
Hands-on experience with SOC2, CCPA/GDPR compliance and understanding of other frameworks (e.g. ISO 27001).
Hands-on experience with Continuous Controls Monitoring and compliance automation tools (Vanta, Drata, Oneleet, SafeBase, or similar).
Strong written communication skills to support internal and external engagements such as customer-facing responses.
Comfort with ambiguity and building process from scratch.
Ability to identify process anti-patterns (manual evidence requests, one-off questionnaires, duplicate controls) and replace them with durable, automated solutions.
Nice to Haves: Fintech or financial services background.
Familiarity with cloud infrastructure (AWS) and modern SaaS stack.
Experience in a high-growth startup environment within B2B SaaS.
Experience leveraging AI tools (Claude, ChatGPT) for GRC workflows
Relevant certifications (CISA, CRISC, Security+).
Experience partnering with IT to implement Corporate Security controls over SaaS, identity and access management (IAM), and endpoint security.

Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that’s out of your home, a co-working space, or elsewhere.
Competitive cash and equity compensation in a hyper growth, early stage company 🚀.
Stipend to set-up your ideal working environment.
Competitive Benefit Plans for employees based on your location (e.g. in the US we offer: Medical, dental and vision benefits and the ability to contribute to a 401k plan).
Unlimited PTO.
3 day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun!

Security GRC Analyst

Key skills