Companies you'll love to work for

Senior Information Security Engineer (GRC)

WithClutch

WithClutch

IT
Remote
Posted on Oct 7, 2025

Location

Remote

Employment Type

Contract

Department

Engineering

About the Role

As an Information Security Engineer focused on Governance, Risk, and Compliance (GRC) at Clutch, you will own and mature our trust foundation. You will operationalize our security controls, drive evidence collection and continuous monitoring, and partner with product, engineering, and business teams to reduce risk while enabling speed.

About the Team

You will join a small, high‑impact Security team that partners closely with Infrastructure, Product Engineering, Legal, and GTM. We value outcome‑oriented builders, clear documentation, and automation over manual audits. We work in the open, do frequent retros, and iterate quickly to support a rapidly scaling fintech SaaS platform serving credit unions and their members.

What You’ll Do

Within 3 months, you will:

  • Baseline our control library mapped to SOC 2, PCI DSS, and key fintech obligations. Stand up gaps and remediation owners in our ticketing system.

  • Implement lightweight evidence collection pipelines for top controls such as access reviews, backup tests, vulnerability management, and CI/CD change management.

  • Complete a security risk register refresh with likelihood and impact ratings, and publish a quarterly risk report.

Within 6 months, you will:

  • Lead our next SOC 2 Type II audit cycle end‑to‑end, including auditor coordination, population requests, and walkthroughs.

  • Roll out a vendor risk management workflow integrated with procurement and Legal, including tiering, due diligence, and continuous monitoring.

  • Partner with Engineering to define secure SDLC checkpoints and automate evidence from GitHub, CI, and cloud.

Within 9 months, you will:

  • Drive PCI DSS certification readiness, including SoA ownership, internal audits, and management review inputs.

  • Establish KPI/KRIs and dashboards for control effectiveness and risk trends consumed by execs and customers.

  • Mature incident response playbooks and conduct at least one cross‑functional tabletop with measurable improvements.

What You’ll Bring

  • 5+ years in GRC, security engineering, or risk management within SaaS or fintech environments.

  • Proven experience running SOC 2 Type II and working toward ISO 27001, including evidence automation and auditor interactions.

  • Strong understanding of cloud security controls across AWS, containerized workloads, and modern CI/CD.

  • Practical knowledge of secure SDLC, vulnerability management, identity and access management, and third‑party risk.

  • Ability to translate requirements into actionable, ticketed work with clear owners and due dates.

  • Excellent written communication for policies, customer questionnaires, and exec‑level reporting.

  • Nice to have: experience with privacy programs, PCI readiness, or financial services regulations; relevant certs (e.g., CISA, CISSP, ISO 27001 LI/LA) are a plus.

Please note that this role may evolve as our business needs change, so we appreciate your flexibility and adaptability.

What’s In It For You?

  • Remote Flexibility: Enjoy the freedom of remote work from anywhere, balancing life and career seamlessly.

  • Unforgettable Off-Sites: Twice a year, bond with colleagues in exciting destinations, fostering teamwork and fresh ideas.

  • Paid Time Off and National Holidays: Enjoy 20 PTO days yearly and the National Holidays for relaxation and rejuvenation.

  • Stock Options: Joining us means having a stake in our success, so you'll receive stock options as part of your compensation package.

  • Home Office Setup: Create your ideal workspace with a dedicated budget for home office essentials.

  • Work Trip Budget: Grow personally and professionally with a budget for work-related trips and co-working.

About Us

Clutch is a revolutionary vertical SaaS company, proudly backed by Andreessen Horowitz (A16z), aimed at revolutionizing the way Credit Unions engage and change the lives of their members. As a champion of financial well-being, we address the urgent need for affordable lending solutions in an era where the average American grapples with over $155,000 in household debt. Unlike traditional financial institutions, Clutch develops software to turn Credit Unions into FinTech lenders and leverage their balance sheets to responsibly lend to over 130M Americans. Our mission extends beyond mere financial transactions; we strive to fundamentally enhance the way credit unions interact with their members. By integrating cutting-edge technologies and user-centric designs, we help credit unions provide seamless digital experiences that are on par with leading tech companies. This approach not only preserves but revitalizes the longstanding tradition of community and member-focused service inherent to credit unions.

Please note: This position is offered on a contractor basis. Applicants must have the necessary documentation and authorization to work in the country where the job is located. Clutch cannot provide sponsorship or assist with obtaining work permits for this role.

A Note About AI at Clutch
We love AI. We use it often and encourage our team to creatively and effectively leverage AI tools in their work. If you join Clutch, we hope you'll bring the same enthusiasm for exploring how AI can amplify impact, productivity, and innovation.

That said, during the interview process, we want to hear your thoughts. Please approach interviews without the use of AI tools—our goal is to get to know how you think, solve problems, and communicate. Once you're in the seat, bring on the prompts!