Lead, Information Security & Compliance

Role Overview

We are hiring a Lead, Information Security & Compliance to own and scale our security compliance, governance, audit readiness, risk management, customer security response, and internal control programs.

This is not an IT administration role. The focus is on information security governance, SaaS/product security, cloud security controls, compliance frameworks, customer security questionnaires, audit evidence, vendor risk, and cross-functional security ownership.

The ideal candidate is someone who can operate hands-on in a fast-moving startup environment, build structure where needed, and ensure the company remains secure, compliant, audit-ready, and customer-ready without slowing down product velocity.

---

What You’ll Do

• Own and maintain security policies, standards, procedures, and control documentation across the organization.
• Drive audit readiness and compliance programs for frameworks such as SOC 2, ISO 27001, GDPR, NIST, and related customer/security requirements.
• Manage audit evidence collection, control mapping, remediation tracking, risk registers, and ongoing compliance documentation.
• Support customer security questionnaires, RFP security responses, vendor due diligence, and enterprise customer trust reviews.
• Partner with Engineering and Product teams to ensure security and compliance requirements are embedded into product design, software development, cloud infrastructure, and operational processes.
• Lead security risk assessments, gap assessments, and control reviews across SaaS products, cloud infrastructure, vendors, and internal processes.
• Track compliance gaps, security risks, remediation plans, and ownership through closure.
• Help define and improve security governance across access controls, data protection, incident response, vulnerability management, secure SDLC, and vendor risk.
• Work with Legal, Customer Success, Sales, Product, and Engineering teams on security and privacy requirements in customer contracts and enterprise reviews.
• Support incident response processes, including documentation, escalation workflows, post-incident reviews, and control improvements.
• Maintain readiness for external audits, customer reviews, investor diligence, and regulatory/security assessments.
• Build security awareness and ensure teams understand their ownership of security and compliance controls.
• Represent security and compliance initiatives to internal stakeholders, customers, auditors, and leadership when required.

---

What You’ll Bring

• 7+ years of experience in information security, security compliance, GRC, cloud security, product security, or security governance.
• Strong hands-on experience with security and compliance frameworks such as SOC 2, ISO 27001, NIST, GDPR, and related SaaS security standards.
• Experience managing audit readiness, evidence collection, control testing, risk registers, remediation tracking, and compliance documentation.
• Experience working with SaaS products, cloud environments, and enterprise customer security requirements.
• Strong understanding of cloud security concepts across AWS, Azure, or GCP.
• Good knowledge of secure SDLC, DevSecOps, application security, vulnerability management, access controls, data protection, and incident response.
• Experience responding to customer security questionnaires, RFPs, vendor reviews, or enterprise security due diligence.
• Ability to work cross-functionally with Engineering, Product, Legal, Sales, Customer Success, and leadership teams.
• Strong communication skills with the ability to explain security risks and compliance requirements to both technical and non-technical stakeholders.
• High ownership mindset, strong follow-through, and comfort operating in a fast-paced startup environment.

---

Good to Have

• Certifications such as CISSP, CISM, CISA, CCSP, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, or equivalent.
• Experience in fintech, banking, financial services, enterprise SaaS, or regulated environments.
• Experience working with AI products, data privacy, model governance, or security controls for AI-enabled platforms.
• Experience with security tools such as SIEM, EDR, vulnerability scanners, cloud security monitoring tools, GRC platforms, or audit automation tools.
• Prior experience building or scaling a security compliance function in a startup or high-growth company.

---

What Success Looks Like

• Audit evidence is always ready and well organized.
• Customer security questionnaires are handled quickly and accurately.
• Engineering and security teams have clear ownership for compliance controls.
• Compliance gaps are tracked through closure.
• Security risks are clearly documented, prioritized, and remediated.
• Security and compliance become business enablers for enterprise customers, not blockers.
• The company becomes more trusted and audit-ready without slowing down product velocity.

---

Why Join Us

• Work on AI products used by banks and credit unions in highly regulated environments.
• Own a high-impact security and compliance function at a fast-growing AI company.
• Partner directly with Engineering, Product, Legal, Customer Success, Sales, and leadership teams.
• Help build customer trust, audit readiness, and enterprise-grade security maturity.
• Be part of a company building the future of AI-powered banking.

---