Skip to content
GreenboardGreenboardNew York, NY

Head of Technical Security

Leads technical security, compliance (SOC 2, GDPR, ISO 42001), vulnerability management, and infrastructure hardening for a fast-growing fintech. Requires 3-7 years in security engineering with hands-on AWS, vuln tooling, and audit experience.

185k – 300k
On-siteSecurity Engineering

About the role

What You'll Do

Technical Security

  • Detect, triage, and drive remediation of vulnerabilities across the stack — infrastructure, application, and network.
  • Manage third-party penetration tests and coordinate internal response to findings.
  • Integrate security into the development lifecycle: code review guardrails, SAST/DAST tooling, dependency scanning, and developer security guidance.
  • Own credential and secrets management, including rotation policies, vault configuration, and access controls.
  • Manage infrastructure patching and hardening, working with engineering to keep systems current without disrupting delivery.

Security Compliance & Frameworks

  • Own our SOC 2 compliance program end-to-end, including audit preparation, evidence collection, and remediation tracking.
  • Maintain and mature our GDPR compliance posture, partnering with legal and product to ensure data protection requirements are met.
  • Lead our ISO 42001 certification efforts, establishing and maintaining the required AI management system controls.
  • Research and implement additional compliance frameworks as we expand into new markets, acting as the internal authority on what's required and when.

Vendor & Customer Security Diligence

  • Manage inbound security diligence requests that arise during client sales processes — completing questionnaires, coordinating evidence, and joining calls as needed.
  • Build and maintain a vendor security review process for evaluating third-party tools and services before they're adopted.
  • Maintain a library of up-to-date security documentation (policies, SOC 2 reports, architecture diagrams) to accelerate deal cycles.

IT & Device Security

  • Manage endpoint security across the company — MDM, disk encryption, OS patching, and device compliance policies.
  • Maintain and enforce access control policies for corporate tools and systems (SSO, MFA, least-privilege access).

What We're Looking For

  • 3–7 years of experience in security engineering, application security, or infrastructure security roles.
  • Hands-on experience with SOC 2 audits and at least one other compliance framework (GDPR, ISO 27001, PCI-DSS, or similar).
  • Strong technical foundation — you're comfortable reading code, reviewing AWS infrastructure, and working in a CI/CD environment.
  • Experience with vulnerability management tooling (e.g., Snyk, Semgrep, Qualys, Burp Suite, or equivalents).
  • Familiarity with AWS Secrets Manager and IAM best practices.
  • Experience managing or coordinating third-party pentests.
  • Clear, low-ego communication style — you can explain a risk to an engineer and a compliance requirement to a salesperson with equal clarity.
  • Comfort with ambiguity and ownership. This is a build-it role, not a maintain-it role.

Nice to Have

  • Prior experience at a fintech or other regulated-industry startup.
  • Familiarity with ISO 42001 or AI governance frameworks.
  • Experience with MDM platforms.
  • Background supporting international expansion from a security/compliance perspective.

Benefits

  • Salary range: $185,000–$300,000 + meaningful equity
  • 401(k) with 5% company match
  • Medical, dental, and vision coverage
  • 15 days PTO + 11 company holidays + flexible sick time
  • 2 additional PTO days for each year of service (up to 10 additional days)
  • 10 remote days per year plus additional around the holidays
  • Bi-annual off-sites and team retreats

Skills

SOC 2GDPRAWSIAMSecrets ManagerSnykSemgrepQualysBurp SuiteSASTDASTCI/CDPenetration TestingMDMSSO
NexHealth

Head of IT & Security

NexHealthSeattle, WA +1

Lead NexHealth's security governance, compliance, IT operations, and incident response. Build and scale the security program and team from the ground up while partnering with engineering and leadership.

175k – 220k
On-site8+ YOESecurity Engineering
Casca

Head of Security & Compliance

CascaSan Francisco, CA

Lead security and compliance for an AI-native banking startup. Build security tooling, manage a team of appsec engineers, own compliance (SOC 2, ISO 27001), and secure AI agent workflows.

200k – 255k
On-site5+ YOESecurity Engineering
Tatari

Head of Security

TatariNew York, NY +2

Lead security engineering team and roadmap for a late-stage AdTech SaaS company. Own incident response, risk management, AWS/K8s security, and compliance programs including SOC 2.

200k – 250k
Hybrid7+ YOESecurity Engineering
Fable Security

Head of IT & Information Security

Fable SecurityUnited States

Lead security, compliance, and IT functions including SOC 2, ISO 27001, privacy, risk management, and external industry presence. Requires 7+ years in security/compliance/IT with direct experience leading compliance programs.

160k – 225k
Remote7+ YOESecurity Engineering
GameChanger

Director, Information Security & Technology

GameChangerNew York, NY

Lead GameChanger's Information Security and IT Operations as Director. Own multi-year security strategy, lead multidisciplinary teams across product security, cloud/AI security, SecOps, GRC, and internal tech support. Partner with executive leadership and parent company DSG while building security culture. Requires 10+ years security experience including people management.

220k – 240k
Remote10+ YOESecurity Engineering