Head of Security, GRC

🕒 May 15

Valon

51 - 200 employees

Founded 2019

Finance • Fintech • Real Estate

Valon is a residential mortgage servicer, lender, and insurance agency focused on empowering homeowners. The company offers a wide range of services to manage mortgages, provide loans, and offer insurance solutions to homeowners. Valon aims to simplify the process of homeownership through ease, security, and financial expertise, utilizing modern technology to deliver personalized and streamlined services. With a mission to transform the traditional mortgage industry, Valon provides convenient and intuitive platforms for managing mortgages and accessing financial resources, striving for high-quality customer service and competitive rates.

📋 Description

• Manage and expand Valon's security and privacy compliance program across key frameworks and regulations (e.g., SOC 2, NYDFS Cybersecurity Regulation, FTC Safeguards Rule, CCPA and evolving regulations)
• Build and scale modern Security GRC capabilities that leverage AI-enabled tools and processes, reducing manual overhead while optimizing risk and compliance operations
• Support AI security standards development and risk processes
• Design, develop and monitor technical security controls
• Lead audit preparation and management
• Maintain and evolve Valon's risk management practices; facilitate risk assessments across teams and track remediation of identified issues to closure
• Develop, publish, and maintain security policies, standards, and procedures in partnership with IT, Engineering and Legal
• Build and mature Valon's Data Governance program including secure data handling practices
• Enhance BC/DR risk management practices and processes
• Partner with Engineering and Product to assess security compliance implications of new features, infrastructure changes, and data flows
• Manage security compliance, regulatory requirements, and customer-facing due diligence, while supporting operational security activities including advisory reviews, incident management, and issue remediation

🎯 Requirements

• Proven experience owning a security GRC program at a tech or fintech organization
• Strong experience designing, developing and implementing technical security and privacy controls
• Deep familiarity with SOC, NYDFS Part 500, FTC Safeguards Rule, and CCPA; experience with NIST CSF, ISO 27001 and related frameworks
• Hands-on experience building or maturing a data governance program, including classification frameworks, retention policies, and data subject rights workflows
• Knowledge of BC/DR controls - BIA, RTO/RPO, recovery playbooks, and tabletop exercises
• Strong track record managing external audits end-to-end — scoping, evidence coordination, findings remediation
• Familiarity with AI governance and risk frameworks, including assessing security risks introduced by LLM and agentic systems
• Experience applying AI tools to security and/or GRC processes
• Ability to translate technical security controls into clear compliance narratives for auditors, customers, and executives
• Applied knowledge of industry security and compliance frameworks (NIST, CIS, SOC 2/ISO 27001 concepts)
• Hands-on in both developing and operating security processes day-to-day (builder and operator)
• Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders
• Experience working in high-growth or startup environments is a plus
• 7+ years in progressive security management roles leading security-focused technical GRC, compliance, and/or risk management programs
• Bachelor's degree in Information Security, Computer Science, Technology or related field
• Relevant security certifications (e.g., CISSP, CISM, CRISC, CISA or similar)
• Hands-on experience managing compliance audits such as SOC 2, ISO 27001 and others
• Experience driving risk management and assessment practices at scale
• Applied knowledge of data governance processes and standards

🏖️ Benefits

• Base Compensation Band: $190K - $250K.
• Compensation: Competitive salary with a meaningful stake in the company via equity, and 401k plan
• Health & well-being: We’ll invest in your physical and mental well-being with comprehensive medical, dental, & vision benefits
• Commuter benefits: We offer pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient
• Grow together: Company wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360 degree feedback
• Play together: Quarterly budgets for team and company outings. Use it for team swag, cooking classes, or team dinners!
• Generous time off: Flexible paid time off, sick days, and 11 company holidays
• Baby bonding time!: 12 weeks off for both birthing and non-birthing parents - fully paid so you can focus your energy on your newest addition
