Baseline our control library mapped to SOC 2, PCI DSS, and key fintech obligations.
Implement lightweight evidence collection pipelines for top controls such as access reviews, backup tests, vulnerability management, and CI/CD change management.
Complete a security risk register refresh with likelihood and impact ratings, and publish a quarterly risk report.
Lead our next SOC 2 Type II audit cycle end‑to‑end, including auditor coordination, population requests, and walkthroughs.
Roll out a vendor risk management workflow integrated with procurement and Legal, including tiering, due diligence, and continuous monitoring.
Partner with Engineering to define secure SDLC checkpoints and automate evidence from GitHub, CI, and cloud.
Develop an AI/ML risk assessment framework covering model governance, training data privacy, and shadow AI usage across the organization.
Drive PCI DSS certification readiness, including SoA ownership, internal audits, and management review inputs.
Establish KPI/KRIs and dashboards for control effectiveness and risk trends consumed by execs and customers.
Mature incident response playbooks and conduct at least one cross‑functional tabletop with measurable improvements.
Establish AI governance policies and integrate AI risk into the existing risk register, vendor assessments, and compliance monitoring.

5+ years in GRC, security engineering, or risk management within SaaS or fintech environments.
Proven experience running SOC 2 Type II and working toward ISO 27001, including evidence automation and auditor interactions.
Strong understanding of cloud security controls across AWS, containerized workloads, and modern CI/CD.
Practical knowledge of secure SDLC, vulnerability management, identity and access management, and third-party risk.
Ability to translate requirements into actionable, ticketed work with clear owners and due dates.
Excellent written communication for policies, customer questionnaires, and exec-level reporting.
Familiarity with AI/ML risk frameworks (e.g., NIST AI RMF, ISO 42001) and practical experience assessing AI-related risks such as model bias, data lineage, shadow AI, and third-party AI vendor exposure.
Comfort leveraging AI tools to automate compliance workflows, evidence collection, and risk analysis.

Remote Flexibility: Enjoy the freedom of remote work from anywhere, balancing life and career seamlessly.
Unforgettable Off-Sites: Twice a year, bond with colleagues in exciting destinations, fostering teamwork and fresh ideas.
Paid Time Off and National Holidays: Enjoy 20 PTO days yearly and the National Holidays for relaxation and rejuvenation.
Stock Options: Joining us means having a stake in our success, so you'll receive stock options as part of your compensation package.
Home Office Setup: Create your ideal workspace with a dedicated budget for home office essentials.
Work Trip Budget: Grow personally and professionally with a budget for work-related trips and co-working.

Information Security Engineer – GRC

Key skills