Senior Information Security Engineer

Senior Information Security Engineer (GRC) Get AI-powered advice on this job and more exclusive features. About The Role As an Information Security Engineer focused on Governance, Risk, and Compliance (GRC) at Clutch, you will own and mature our trust foundation. You will operationalize our security controls, drive evidence collection and continuous monitoring, and partner with product, engineering, and business teams to reduce risk while enabling speed. About The Team You will join a small, high‑impact Security team that partners closely with Infrastructure, Product Engineering, Legal, and GTM. We value outcome‑oriented builders, clear documentation, and automation over manual audits. We work in the open, do frequent retros, and iterate quickly to support a rapidly scaling fintech SaaS platform serving credit unions and their members. What You’ll Do Within 3 months, you will: Baseline our control library mapped to SOC 2, PCI DSS, and key fintech obligations. Stand up gaps and remediation owners in our ticketing system. Implement lightweight evidence collection pipelines for top controls such as access reviews, backup tests, vulnerability management, and CI/CD change management. Complete a security risk register refresh with likelihood and impact ratings, and publish a quarterly risk report. Within 6 months, you will: Lead our next SOC 2 Type II audit cycle end‑to‑end, including auditor coordination, population requests, and walkthroughs. Roll out a vendor risk management workflow integrated with procurement and Legal, including tiering, due diligence, and continuous monitoring. Partner with Engineering to define secure SDLC checkpoints and automate evidence from GitHub, CI, and cloud. Within 9 months, you will: Drive PCI DSS certification readiness, including SoA ownership, internal audits, and management review inputs. Establish KPI/KRIs and dashboards for control effectiveness and risk trends consumed by execs and customers. Mature incident response playbooks and conduct at least one cross‑functional tabletop with measurable improvements. What You’ll Bring 5+ years in GRC, security engineering, or risk management within SaaS or fintech environments. Proven experience running SOC 2 Type II and working toward ISO 27001, including evidence automation and auditor interactions. Strong understanding of cloud security controls across AWS, containerized workloads, and modern CI/CD. Practical knowledge of secure SDLC, vulnerability management, identity and access management, and third‑party risk. Ability to translate requirements into actionable, ticketed work with clear owners and due dates. Excellent written communication for policies, customer questionnaires, and exec‑level reporting. Nice to have: experience with privacy programs, PCI readiness, or financial services regulations; relevant certs (e.g., CISA, CISSP, ISO 27001 LI/LA) are a plus. What’s In It For You? Remote Flexibility: Enjoy the freedom of remote work from anywhere. Unforgettable Off‑Sights: Twice a year, bond with colleagues in exciting destinations. Paid Time Off and National Holidays: 20 PTO days yearly and national holidays. Stock Options: Receive stock options as part of your compensation package. Home Office Setup: Dedicated budget for home office essentials. Work Trip Budget: Budget for work-related trips and co‑working. About Us Clutch is a revolutionary vertical SaaS company, backed by Andreessen Horowitz (A16z), aiming to revolutionize the way Credit Unions engage and change the lives of their members. We develop software to turn Credit Unions into FinTech lenders and help them responsibly lend to over 130M Americans. Contractor Position This position is offered on a contractor basis. Applicants must have the necessary documentation and authorization to work in the country where the job is located. Clutch cannot provide sponsorship or assist with obtaining work permits for this role. Application Details Seniority level: Mid‑Senior; Employment type: Contract. #J-18808-Ljbffr