
Head of Security, GRC
Posted 4 hours ago

• Oversee and enhance Valon's security and privacy compliance initiatives across essential frameworks and regulations (e.g., SOC 2, NYDFS Cybersecurity Regulation, FTC Safeguards Rule, CCPA, and emerging regulations).
• Develop and expand contemporary Security GRC capabilities utilizing AI-driven tools and processes, minimizing manual effort while streamlining risk and compliance operations.
• Assist in the creation of AI security standards and risk management processes.
• Design, implement, and monitor technical security controls.
• Lead the preparation and management of audits.
• Maintain and advance Valon's risk management practices; conduct risk assessments across teams and ensure the resolution of identified issues.
• Create, publish, and sustain security policies, standards, and procedures in collaboration with IT, Engineering, and Legal departments.
• Establish and enhance Valon's Data Governance program, including secure data handling practices.
• Improve BC/DR risk management practices and processes.
• Collaborate with Engineering and Product teams to evaluate the security compliance implications of new features, infrastructure modifications, and data flows.
• Oversee security compliance, regulatory obligations, and customer-facing due diligence, while supporting operational security functions such as advisory reviews, incident management, and issue resolution.
• Demonstrated experience leading a security GRC program in a tech or fintech environment.
• Extensive experience in designing, developing, and implementing technical security and privacy controls.
• In-depth knowledge of SOC, NYDFS Part 500, FTC Safeguards Rule, and CCPA; familiarity with NIST CSF, ISO 27001, and related frameworks.
• Direct experience in building or enhancing a data governance program, encompassing classification frameworks, retention policies, and workflows for data subject rights.
• Understanding of BC/DR controls, including BIA, RTO/RPO, recovery playbooks, and tabletop exercises.
• Proven track record of managing external audits from start to finish — including scoping, evidence coordination, and findings remediation.
• Familiarity with AI governance and risk frameworks, particularly in assessing security risks posed by LLM and agentic systems.
• Experience utilizing AI tools in security and/or GRC processes.
• Competence in translating technical security controls into clear compliance narratives for auditors, customers, and executives.
• Practical knowledge of industry security and compliance frameworks (NIST, CIS, SOC 2/ISO 27001 concepts).
• Active involvement in both the development and daily operation of security processes (builder and operator).
• Exceptional communication and collaboration abilities, capable of explaining complex security concepts to both technical and non-technical audiences.
• Experience in high-growth or startup settings is advantageous.
• 7+ years in progressive security management positions, leading security-focused technical GRC, compliance, and/or risk management programs.
• Bachelor's degree in Information Security, Computer Science, Technology, or a related field.
• Relevant security certifications (e.g., CISSP, CISM, CRISC, CISA, or similar).
• Hands-on experience managing compliance audits such as SOC 2, ISO 27001, and others.
• Experience in driving risk management and assessment practices at scale.
• Practical knowledge of data governance processes and standards.
• Base Compensation Band: $190K - $250K.
• Compensation: Competitive salary with a significant equity stake in the company, along with a 401k plan.
• Health & well-being: We prioritize your physical and mental health with comprehensive medical, dental, and vision benefits.
• Commuter benefits: We provide pre-tax deductions for public transportation, rideshare services, and parking costs to make your commute more economical and convenient.
• Grow together: Company-wide orientation to ensure a successful onboarding experience, along with various learning and development opportunities including regular review cycles featuring 360-degree feedback.
• Play together: Quarterly budgets for team and company outings, which can be used for team swag, cooking classes, or team dinners!
• Generous time off: Flexible paid time off, sick days, and 11 company holidays.
• Baby bonding time!: 12 weeks of fully paid leave for both birthing and non-birthing parents, allowing you to focus on your newest family member.