Senior Information Security Engineer (GRC)

Clutch

Remote Onsite
Competitive
Contract
Security Engineer

Job Description

Secure the Future of Fintech: Governance, Risk & Compliance at Clutch

Are you a cybersecurity professional passionate about building trust and reducing risk in a fast-paced fintech environment? Join Clutch, a vertical SaaS company backed by Andreessen Horowitz (A16z), and become the cornerstone of our security posture as an Information Security Engineer focused on Governance, Risk, and Compliance (GRC). You'll be instrumental in operationalizing our security controls, driving continuous monitoring, and collaborating with diverse teams to ensure we maintain a robust and secure foundation for our innovative solutions.

About the Team

You'll be an integral part of a small, high-impact Security team that collaborates closely with Infrastructure, Product Engineering, Legal, and Go-to-Market teams. We champion outcome-oriented builders, prioritize clear documentation, and embrace automation over manual processes. We operate transparently, conduct regular retrospectives, and iterate rapidly to support our scaling fintech SaaS platform serving credit unions and their members.

Your Mission: What You'll Do

Here's your roadmap to success at Clutch:

Within 3 Months, You'll:
Baseline our control library, mapping it to SOC 2, PCI DSS, and key fintech obligations. Establish ownership and remediation plans within our ticketing system.
Implement lightweight evidence collection pipelines for critical controls such as access reviews, backup testing, vulnerability management, and CI/CD change management.
Refresh our security risk register with likelihood and impact assessments and publish a quarterly risk report to keep stakeholders informed.

Within 6 Months, You'll:
Spearhead our next SOC 2 Type II audit cycle end-to-end, including auditor coordination, population requests, and walkthroughs to ensure a seamless and successful audit.
Roll out a comprehensive vendor risk management workflow integrated with procurement and Legal, encompassing tiering, due diligence, and continuous monitoring to safeguard our ecosystem.
Collaborate with Engineering to define secure SDLC checkpoints and automate evidence collection from GitHub, CI pipelines, and cloud infrastructure.

Within 9 Months, You'll:
Drive PCI DSS certification readiness, taking ownership of the Scope of Authority (SoA), conducting internal audits, and providing input for management reviews.
Establish Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), along with dashboards to monitor control effectiveness and risk trends, providing valuable insights to executives and customers.
Enhance incident response playbooks and conduct at least one cross-functional tabletop exercise, implementing measurable improvements based on the results.

What You'll Bring to the Table

5+ years of experience in GRC, security engineering, or risk management within SaaS or fintech environments.
Demonstrated experience managing SOC 2 Type II audits and working towards ISO 27001 certification, including evidence automation and auditor interactions.
In-depth understanding of cloud security controls across AWS, containerized workloads, and modern CI/CD pipelines.
Practical knowledge of secure SDLC, vulnerability management, identity and access management, and third-party risk management.
Ability to translate complex requirements into actionable tasks with clear ownership and deadlines within a ticketing system.
Exceptional written communication skills for crafting policies, responding to customer questionnaires, and producing executive-level reports.
Bonus points: Experience with privacy programs, PCI readiness, or financial services regulations; relevant certifications (e.g., CISA, CISSP, ISO 27001 LI/LA) are highly valued.

This role is dynamic, and your responsibilities may evolve as our business grows. We value flexibility and adaptability.

Perks & Benefits: What’s In It For You?

Remote Flexibility: Work from anywhere and enjoy a true work-life balance.
Unforgettable Off-Sites: Twice-yearly opportunities to connect with colleagues in exciting locations.
Generous Time Off: 20 days of PTO annually, plus national holidays, for rest and recharge.
Stock Options: Share in our success with a valuable stock option package.
Home Office Setup: A dedicated budget to create your ideal workspace.
Professional Development: A budget for work-related trips and co-working spaces to fuel your growth.

About Clutch

Clutch is a groundbreaking vertical SaaS company, backed by Andreessen Horowitz (A16z), focused on transforming how Credit Unions engage with and improve the lives of their members. We address the pressing need for affordable lending solutions in a world where the average American faces over $155,000 in household debt. Unlike traditional institutions, Clutch empowers Credit Unions to become FinTech lenders, leveraging their balance sheets to responsibly lend to over 130 million Americans. Our mission is to revolutionize credit union interactions through cutting-edge technology and user-centric design, providing seamless digital experiences that rival leading tech companies. We're not just preserving the community focus of credit unions; we're revitalizing it.

Please note: This position is offered on a contractor basis. Applicants must possess the necessary documentation and authorization to work in the country where the job is located. Clutch is unable to provide sponsorship or assistance with obtaining work permits for this role.

A Note About AI at Clutch
We're big fans of AI and encourage our team to use it creatively and effectively in their work. Join Clutch and explore how AI can amplify your impact, productivity, and innovation.

However, during the interview process, we want to hear your thoughts. Please refrain from using AI tools during interviews—our goal is to understand your unique thinking, problem-solving skills, and communication style. Once you're onboard, unleash the prompts!