Information Security Engineer - GRC

Clutch

Contract Remote
Brazil
Competitive
Security Engineer

Job Description

Elevate Fintech Security: GRC Information Security Engineer at Clutch (Remote)

Are you a GRC practitioner ready to define and scale the trust foundation for a fintech platform? At Clutch, we're not just building software; we're revolutionizing financial well-being. As our Information Security Engineer focused on Governance, Risk, and Compliance (GRC), you will own our compliance and risk posture, turning regulatory and customer requirements into ticketed, automated, auditable controls so that product teams can keep shipping quickly without compromising security.

About the Team: Builders, Innovators, Impact-Makers
Join a small, high-impact Security team that thrives on collaboration and automation. We are outcome-oriented builders who value clear documentation, iterate quickly, and prefer intelligent automation over manual audits. Working closely with Infrastructure, Product Engineering, Legal, and Go-To-Market teams, you'll be instrumental in supporting a rapidly scaling fintech SaaS platform dedicated to credit unions and their members. If you're passionate about making a tangible difference in financial services and building robust security from the ground up, you'll fit right in.

What You'll Achieve: Key Milestones in Your Journey

Within 3 Months, You Will:

Baseline & Strategize: Establish our comprehensive control library, meticulously mapped to SOC 2, PCI DSS, and critical fintech regulatory obligations. Identify and document security gaps, assigning clear remediation ownership within our ticketing system.
Automate Evidence: Implement lightweight, efficient evidence collection pipelines for essential controls, including access reviews, backup tests, vulnerability management, and CI/CD change management, laying the groundwork for continuous monitoring.
Refresh Risk Register: Lead a complete refresh of our security risk register, applying robust likelihood and impact ratings, and publish our first quarterly risk report to key stakeholders.

Within 6 Months, You Will:

Lead SOC 2 Audit: Take ownership of our next SOC 2 Type II audit cycle from initiation to completion, coordinating with auditors, managing population and sample requests, and conducting control walkthroughs.
Launch Vendor Risk Management: Design and roll out a comprehensive vendor risk management workflow, seamlessly integrated with procurement and Legal, covering vendor tiering, due diligence, and continuous monitoring.
Secure SDLC Integration: Partner directly with Engineering to define and embed secure SDLC checkpoints, automating evidence collection directly from GitHub, CI pipelines, and cloud environments.
Pioneer AI/ML Risk Assessment: Develop and introduce an AI/ML risk assessment framework, addressing crucial aspects like model governance, training data privacy, and managing shadow AI usage across the organization.

Within 9 Months, You Will:

Drive PCI DSS Readiness: Lead the charge on PCI DSS assessment readiness, owning the cardholder data environment (CDE) scope definition and the per-requirement applicability decisions, conducting internal audits, and preparing management review inputs.
Establish KPI/KRI Dashboards: Define and establish key performance indicators (KPIs) and key risk indicators (KRIs) for control effectiveness and risk trends, presenting executive-level dashboards for internal and customer consumption.
Mature Incident Response: Enhance our incident response playbooks and spearhead at least one cross-functional tabletop exercise, driving measurable improvements in our organizational response capabilities.
Integrate AI Governance: Establish formal AI governance policies and integrate AI-related risks seamlessly into the existing risk register, vendor assessments, and ongoing compliance monitoring processes.

What You'll Bring: Your Expertise & Drive

Experience: 5+ years of dedicated experience in GRC, security engineering, or risk management, with a proven track record within dynamic SaaS or fintech environments.
Audit & Compliance Mastery: Demonstrated expertise in running SOC 2 Type II audits and working towards ISO 27001, including hands-on experience with evidence automation and managing auditor interactions.
Cloud Security Acumen: Strong understanding of cloud security controls across AWS, containerized workloads, and modern CI/CD practices.
Technical Breadth: Practical knowledge of secure SDLC principles, vulnerability management, identity and access management (IAM), and third-party risk management.
Translational Skills: Exceptional ability to translate complex security requirements into clear, actionable, ticketed work with defined owners and due dates.
Communication Excellence: Outstanding written communication skills, essential for crafting impactful policies, detailed customer questionnaires, and concise executive-level reporting.
AI/ML Risk Focus: Familiarity with leading AI/ML risk frameworks (e.g., NIST AI RMF, ISO 42001) and practical experience in assessing AI-related risks such as model bias, data lineage, shadow AI, and third-party AI vendor exposure.
AI-Driven Builder: A strong comfort level with leveraging AI tools to automate compliance workflows, streamline evidence collection, and enhance risk analysis. We value builders who use AI to multiply their impact, not just to check boxes.
Nice to Have: Experience with privacy programs, PCI DSS readiness, financial services regulations, or AI governance. Relevant certifications such as CISA, CISSP, ISO/IEC 27001 Lead Implementer/Lead Auditor, or ISO/IEC 42001 are a significant plus.

Please note that this role may evolve as our business needs change, so we appreciate your flexibility and adaptability.

What’s In It For You?

Remote Flexibility: Enjoy the freedom of remote work from anywhere, balancing life and career seamlessly.
Unforgettable Off-Sites: Twice a year, bond with colleagues in exciting destinations, fostering teamwork and fresh ideas.
Generous Time Off: Enjoy 20 PTO days per year plus all national holidays for relaxation and rejuvenation.
Stock Options: Joining us means having a stake in our success, so you'll receive stock options as part of your compensation package.
Home Office Setup: Create your ideal workspace with a dedicated budget for home office essentials.
Work Trip Budget: Grow personally and professionally with a budget for work-related trips and co-working.

About Clutch: Revolutionizing Financial Well-Being
Clutch is a revolutionary vertical SaaS company, proudly backed by Andreessen Horowitz (A16z), aimed at transforming how Credit Unions engage with and change the lives of their members. We champion financial well-being, addressing the urgent need for affordable lending solutions in an era where the average American grapples with over $155,000 in household debt. Unlike traditional financial institutions, Clutch develops software to empower Credit Unions as FinTech lenders, leveraging their balance sheets to responsibly lend to over 130M Americans. Our mission extends beyond mere financial transactions; we strive to fundamentally enhance the way credit unions interact with their members. By integrating cutting-edge technologies and user-centric designs, we help credit unions provide seamless digital experiences that are on par with leading tech companies. This approach not only preserves but revitalizes the longstanding tradition of community and member-focused service inherent to credit unions.

Important Note: Contractor Basis
Please note: This position is offered on a contractor basis. Applicants must have the necessary documentation and authorization to work in the country where the job is located. Clutch cannot provide sponsorship or assist with obtaining work permits for this role.

A Note About AI at Clutch: Innovate with Intelligence
We love AI. We use it often and encourage our team to creatively and effectively leverage AI tools in their work. If you join Clutch, we hope you'll bring the same enthusiasm for exploring how AI can amplify impact, productivity, and innovation.
That said, during the interview process, we want to hear your thoughts. Please approach interviews without the use of AI tools—our goal is to get to know how you think, solve problems, and communicate. Once you're in the seat, bring on the prompts!

CyberJob.app