# Head of Technical Security

**Company:** [Greenboard](https://hotfix.jobs/companies/greenboard)
**Location:** New York, NY
**Role:** Security Engineering
**Salary:** $185k – $300k/yr
**Skills:** SOC 2, GDPR, AWS, IAM, Secrets Manager, Snyk, Semgrep, Qualys, Burp Suite, SAST, DAST, CI/CD, Penetration Testing, MDM, SSO
**Posted:** 2026-04-08

> Leads technical security, compliance (SOC 2, GDPR, ISO 42001), vulnerability management, and infrastructure hardening for a fast-growing fintech. Requires 3-7 years in security engineering with hands-on AWS, vuln tooling, and audit experience.

## Job Description

## What You'll Do

### Technical Security
- Detect, triage, and drive remediation of vulnerabilities across the stack — infrastructure, application, and network.
- Manage third-party penetration tests and coordinate internal response to findings.
- Integrate security into the development lifecycle: code review guardrails, SAST/DAST tooling, dependency scanning, and developer security guidance.
- Own credential and secrets management, including rotation policies, vault configuration, and access controls.
- Manage infrastructure patching and hardening, working with engineering to keep systems current without disrupting delivery.

### Security Compliance & Frameworks
- Own our SOC 2 compliance program end-to-end, including audit preparation, evidence collection, and remediation tracking.
- Maintain and mature our GDPR compliance posture, partnering with legal and product to ensure data protection requirements are met.
- Lead our ISO 42001 certification efforts, establishing and maintaining the required AI management system controls.
- Research and implement additional compliance frameworks as we expand into new markets, acting as the internal authority on what's required and when.

### Vendor & Customer Security Diligence
- Manage inbound security diligence requests that arise during client sales processes — completing questionnaires, coordinating evidence, and joining calls as needed.
- Build and maintain a vendor security review process for evaluating third-party tools and services before they're adopted.
- Maintain a library of up-to-date security documentation (policies, SOC 2 reports, architecture diagrams) to accelerate deal cycles.

### IT & Device Security
- Manage endpoint security across the company — MDM, disk encryption, OS patching, and device compliance policies.
- Maintain and enforce access control policies for corporate tools and systems (SSO, MFA, least-privilege access).

## What We're Looking For
- 3–7 years of experience in security engineering, application security, or infrastructure security roles.
- Hands-on experience with SOC 2 audits and at least one other compliance framework (GDPR, ISO 27001, PCI-DSS, or similar).
- Strong technical foundation — you're comfortable reading code, reviewing AWS infrastructure, and working in a CI/CD environment.
- Experience with vulnerability management tooling (e.g., Snyk, Semgrep, Qualys, Burp Suite, or equivalents).
- Familiarity with AWS Secrets Manager and IAM best practices.
- Experience managing or coordinating third-party pentests.
- Clear, low-ego communication style — you can explain a risk to an engineer and a compliance requirement to a salesperson with equal clarity.
- Comfort with ambiguity and ownership. This is a build-it role, not a maintain-it role.

## Nice to Have
- Prior experience at a fintech or other regulated-industry startup.
- Familiarity with ISO 42001 or AI governance frameworks.
- Experience with MDM platforms.
- Background supporting international expansion from a security/compliance perspective.

## Benefits
- Salary range: $185,000–$300,000 + meaningful equity
- 401(k) with 5% company match
- Medical, dental, and vision coverage
- 15 days PTO + 11 company holidays + flexible sick time
- 2 additional PTO days for each year of service (up to 10 additional days)
- 10 remote days per year plus additional around the holidays
- Bi-annual off-sites and team retreats

## Similar roles

- [Head of IT & Security](https://hotfix.jobs/jobs/e24cae2a-302f-4ca1-a61b-ee0d6e6c56d6) - NexHealth - Seattle, WA - $175k – $220k/yr
- [Head of Security & Compliance](https://hotfix.jobs/jobs/0c31140a-05ba-40ab-a5aa-12713d69cde4) - Casca - San Francisco, CA - $200k – $255k/yr
- [Head of Security](https://hotfix.jobs/jobs/f857e28d-567e-4a7a-8dfd-56496a7b4fa9) - Tatari - New York, NY - $200k – $250k/yr
- [Head of IT & Information Security](https://hotfix.jobs/jobs/f30c568f-e311-4782-97f6-8ec02f856c13) - Fable Security - Remote - $160k – $225k/yr
- [Director, Information Security & Technology](https://hotfix.jobs/jobs/206a3607-4d09-42a8-8ff7-ff8d9b3096f3) - GameChanger - Remote - $220k – $240k/yr

**Apply:** https://hotfix.jobs/jobs/9a93d642-e250-44a9-abd9-37663af395c9
**Canonical:** https://hotfix.jobs/jobs/9a93d642-e250-44a9-abd9-37663af395c9