Founding Security Operations & GRC Lead
Founding Security Operations & GRC Lead
A newly established fintech and trust bank focused on digital payments and digital asset infrastructure.
Confidential Search
Location: Remote, U.S.-Based
Employment Type: Full-Time
Compensation: $140,000–$190,000 Base Salary (Depending on Experience)
Position Overview
The Founding Security Operations & GRC Lead will serve as the internal owner of security operations execution and governance activities across cloud infrastructure, enterprise technology, product platforms, and third-party vendors.
The organization leverages specialized security, infrastructure, compliance, and advisory partners for implementation and monitoring activities; however, internal ownership of security findings, remediation tracking, risk management, control evidence, and examination readiness remains critical.
This role is ideal for someone with experience in security operations, cloud security, security governance, technology risk management, audit support, or security compliance within regulated industries.
Key Responsibilities
Security Operations
Manage day-to-day security operations across cloud, product, vendor, and enterprise technology environments.
Monitor and coordinate remediation of security findings from security tools, cloud monitoring services, and third-party assessments.
Review, triage, prioritize, track, and escalate security alerts and security-related issues.
Coordinate security incident response activities, including investigation support, escalation, evidence preservation, communications, and post-incident review.
Cloud Security
Support cloud-security posture management within AWS environments.
Oversee security controls related to:
IAM
CloudTrail
AWS Config
Security Hub
GuardDuty
Inspector
Macie
KMS
Secrets Manager
WAF
Backup and recovery controls
Maintain cloud-security documentation and evidence for audits and examinations.
Governance, Risk & Compliance (GRC)
Maintain security control documentation, audit evidence, risk registers, and security exception records.
Support access governance activities, including user access reviews, privileged access certifications, and joiner/mover/leaver processes.
Prepare and organize security evidence for internal audits, external audits, regulatory examinations, and third-party reviews.
Assist with ongoing compliance and examination-readiness initiatives.
Vendor Risk & Oversight
Coordinate security oversight activities involving critical third-party providers and security partners.
Review vendor security documentation, assessment results, penetration-test reports, and remediation plans.
Track vendor-related security issues and follow up on corrective actions.
Secure Development & Vulnerability Management
Partner with engineering and platform teams to support secure SDLC controls.
Coordinate remediation activities for findings from:
Vulnerability assessments
Penetration tests
Code reviews
SAST tools
Dependency scans
Secrets scanning
Container security reviews
Track remediation progress and ensure timely closure of identified risks.
Regulatory & Examination Readiness
Maintain organized, accurate, and examination-ready security evidence.
Support regulatory readiness activities and ensure security controls remain properly documented and defensible.
Provide regular updates to leadership regarding security risks, incidents, remediation efforts, and control effectiveness.
Qualifications
Required
7+ years of experience in one or more of the following areas:
Security Operations
Cloud Security
Information Security
Technology Risk
Incident Response
Vulnerability Management
GRC / Security Compliance
Experience supporting security programs in regulated or audit-sensitive environments.
Strong understanding of:
Incident response
Alert triage
Access reviews
Vulnerability management
Risk remediation
Security control documentation
Hands-on experience with AWS security services and cloud-security operations.
Experience working with SIEM, MDR, EDR, vulnerability management, identity management, and ticketing platforms.
Ability to coordinate effectively across technical teams, business stakeholders, and external partners.
Strong documentation, communication, and organizational skills.
Preferred
Experience within:
Banking
Fintech
Payments
Trust companies
Financial services
Digital asset or custody environments
Familiarity with:
OCC examination readiness
FFIEC guidance
NIST CSF
NIST 800-53
SOC 2
GLBA
CIS Controls
Experience supporting AWS multi-account cloud environments.
Exposure to digital assets, blockchain, stablecoins, wallets, custody platforms, or regulated payment systems.
Experience supporting Microsoft 365, endpoint security, identity governance, EDR, or SASE technologies.
Professional certifications such as:
CISSP
CISM
CISA
CCSP
AWS Security Specialty
GIAC
Security+
What Makes This Opportunity Unique
Founding-level security leadership role with significant visibility and impact
Opportunity to help build security operations and governance programs from the ground up
Direct interaction with executive leadership, including CTO/CISO
Exposure to regulatory, cloud-security, vendor-risk, and audit-readiness initiatives
Collaborative environment supported by specialized security and compliance partners
Remote work flexibility within the United States
Interested candidates should possess a hands-on approach, strong ownership mentality, and the ability to thrive in a fast-paced, high-growth environment where security, compliance, and operational excellence are critical to success.
Ro apply, please email your resume to xjiang@pasona.com