Information Security Lead

Earned

Remote/Hybrid: Hybrid
$150,000 - $165,000
Full-time

Job Description

Build the Future of Fintech Security at Earned

Earned is revolutionizing financial services for doctors, their families, and their practices. We're not just another fintech startup; we're a category-defining firm backed by $200M in funding and driven by a mission to provide unparalleled, tax-smart financial solutions. We're scaling rapidly through strategic M&A, integrating best-in-class firms to expand our capabilities and reshape the financial landscape for medical professionals.

Join our team and be a part of something truly innovative. Backed by leading investors like Summit Partners, Silversmith Capital, and Breyer Capital, we're building something special, and we're looking for a talented and passionate Information Security Lead to help us secure the future.

The Opportunity: Information Security Lead

Are you ready to be a cybersecurity champion? Earned is seeking a proactive and experienced Information Security Lead to own and elevate our security, compliance, and risk programs. This is a unique opportunity to be the first dedicated information security expert at Earned, partnering with teams across IT, Engineering, and Operations to build a robust and resilient security foundation from the ground up. Your leadership will have a direct and lasting impact on our security posture and readiness as we scale.

What You'll Do:
Lead the Charge: Drive SOC 2 Type I & II, SEC S-P, ISO 27001, and CCPA initiatives, collaborating with external firms and consultants.
Policy Architect: Maintain and enhance core security and compliance policies (WISP, CDISP, Access, Privacy, Intercompany Agreements).
Access Guru: Implement data and access permissions aligned with security and compliance policies, working closely with engineering.
Integration Master: Develop scalable processes to integrate acquired firms into Earned’s security and compliance program.
Risk Navigator: Conduct risk assessments and maintain a shared risk register with remediation tracking.
Identity Guardian: Support identity and access governance (MFA/SSO reviews, onboarding/offboarding, quarterly access reviews).
Vendor Sentinel: Run vendor risk assessments for new and renewing vendors.
Platform Commander: Manage evidence collection, asset inventory, and security compliance platforms (e.g., Vanta, Drata).
Incident Responder: Assist with incident documentation, timelines, and corrective actions.

What You'll Bring:
Education: Bachelor’s degree in a relevant field.
Experience: 5+ years in GRC, IT audit, security operations, or compliance.
Scaling Expertise: Experience in organizations scaling through both organic and inorganic (M&A) growth.
Framework Familiarity: Solid understanding of HITRUST, SOC 2, SEC S-P, NIST CSF, ITGC, and vendor risk frameworks.
Implementation Prowess: Proven experience designing and implementing scalable evidence systems, compliance workflows, metrics pipelines, and exception processes.
Technical Integration: Ability to integrate GRC systems with cloud and SaaS environments for automated evidence collection and continuous monitoring.
Communication Skills: Strong documentation, organization, and communication skills.
Self-Starter Mentality: Ability to work independently in a fast-paced, small-team environment.

Bonus Points:
Experience in financial services or highly regulated environments.
Exposure to Vanta, Drata, or Archer.
Experience supporting M&A-driven security assessments.

Why Earned?

We offer a competitive total compensation package, employer-sponsored health insurance (medical, dental, vision), and a 401k with a 5% match. But more importantly, you'll be joining a team of passionate individuals dedicated to making a real difference in the lives of doctors and their families. You'll have the opportunity to build something amazing from the ground up, working in a fast-paced, innovative environment where your contributions will be valued and recognized.