# Senior Security Analyst, Customer Assurance

**Company:** [Plaid](https://hotfix.jobs/companies/plaid)
**Location:** New York, NY, Seattle, WA, Raleigh, NC, San Francisco, CA
**Role:** Security Engineering
**Salary:** $134k – $214k/yr
**Experience:** 6+ years
**Skills:** Security Contracts, Msas, Dpas, Security Addenda, SOC 2, ISO 27001, Nist Csf, Pci Dss, Glba, GDPR, CCPA, Nist 800-53, Security Assurance, GRC, AI Workflows
**Posted:** 2026-06-30

> Own Plaid's Security Contracts program: review security provisions in MSAs/DPAs/addenda, provide positions to Legal/GTM for negotiations, build scalable processes/playbooks, track patterns for improvements, and support questionnaires/audit calls. Requires 6+ years in security GRC/assurance with fintech experience, deep clause knowledge, and AI fluency.

## Job Description

## Responsibilities
- Lead security contract reviews across customer MSAs, DPAs, security addenda, and security exhibits by identifying unacceptable clauses, forming a clear security position, and providing Legal with actionable feedback they can take directly into negotiations.
- Design and own the end-to-end Security Contracts program infrastructure, including intake processes, tiered SLAs, security positions runbooks, and handoff protocols with Legal and GTM.
- Track security contract asks across deals, identify recurring patterns, and determine whether they represent gaps in Plaid’s program or non-standard customer requests.
- Assess feasibility and propose recommendations to leadership when recurring asks point to program gaps, and codify existing capabilities into standard security addenda where appropriate to reduce future negotiation cycles.
- Join customer and data partner calls as Plaid’s security subject matter expert, building trust through patient, clear, and collaborative communication.
- Define KPIs, build dashboards, and deliver regular reporting on program health to Security and GTM leadership, including visibility into deal friction, SLA adherence, and improvement opportunities.
- Build and scale AI-assisted workflows for security assurance, contract review, questionnaire completion, clause library maintenance, pattern analysis, and reporting.
- Support customer security questionnaires and external audit calls with customers and data partners, ensuring Plaid presents a consistent and credible security posture across customer-facing assurance activities.

## Qualifications
- 6+ years of experience in security assurance, security GRC, security compliance, or a related information security role with meaningful ownership of customer- or partner-facing security workflows.
- Experience reviewing security provisions in MSAs, DPAs, and security addenda — and translating that expertise into clear positions Legal can take directly into negotiations.
- Deep familiarity with common security clause types: e.g. incident notification windows, audit rights, encryption requirements, subprocessor obligations, data retention, and penetration testing provisions.
- Ability to translate a company's security posture and risk appetite into clear, defensible contract positions and hold those positions through multiple negotiation cycles.
- Experience representing a company's security program directly to customers and financial institution partners on calls — fielding questions about security controls, compliance posture, and contractual obligations.
- Working knowledge of SOC 2, ISO 27001, NIST CSF, PCI DSS, GLBA, GDPR/CCPA, NIST 800-53, etc.
- Deep understanding of what "standard" security contract language looks like in fintech and banking agreements.
- Prior experience in fintech, payments, or financial services.
- Experience building security assurance programs — designing intake processes, tiered SLAs, escalation paths, and runbooks.
- Strong analytical skills: ability to identify patterns across a high volume of security contract asks, track pushback rates and cycle counts, and translate findings into process improvements.
- Experience with metrics ownership: defining KPIs, building tracking infrastructure, and reporting on program health to cross-functional stakeholders.
- Exceptional written and verbal communication skills.
- Experience working directly with Legal and GTM teams as a security subject matter expert.
- Demonstrated ability to build and scale AI-assisted workflows — applies AI tooling to Security Assurance activities like contract review, questionnaire completion, clause library maintenance, pattern analysis, and reporting to materially increase throughput.

## Nice-to-Haves
- Experience redlining security contract language directly, beyond providing advisory feedback.

## Similar roles

- [Senior Security Operations Engineer](https://hotfix.jobs/jobs/3e910dc8-4352-4804-9348-3b592864acc7) - Dispel - Remote - $136k – $155k/yr
- [Senior Security Engineer, Corporate Security](https://hotfix.jobs/jobs/3c8564ac-e0e4-4d18-b893-d906eabac69d) - Lyft - Seattle, WA - $136k – $170k/yr
- [Senior Software Engineer, Security](https://hotfix.jobs/jobs/2808ff1a-3f60-4180-8968-06a0d53adbd4) - Teleport - Remote - $138k – $342k/yr
- [Senior Security Engineer](https://hotfix.jobs/jobs/630bb407-e99d-4b50-b161-b05a56c055c2) - Chainguard - Remote - $130k – $160k/yr
- [Senior Security Engineer](https://hotfix.jobs/jobs/58cd9f20-ffb4-4e16-a7d0-e1001914a55f) - Chainguard - Remote - $130k – $150k/yr

**Apply:** https://hotfix.jobs/jobs/157d6a84-eda7-4365-93ab-baf6b406c89f
**Canonical:** https://hotfix.jobs/jobs/157d6a84-eda7-4365-93ab-baf6b406c89f