Valon Tech - Head of Security GRC

• Manage and expand Valon's security and privacy compliance program across key frameworks and regulations (e.g., SOC 2, NYDFS Cybersecurity Regulation, FTC Safeguards Rule, CCPA and evolving regulations) • Build and scale modern Security GRC capabilities that leverage AI-enabled tools and processes, reducing manual overhead while optimizing risk and compliance operations • Support AI security standards development and risk processes • Design, develop and monitor technical security controls • Lead audit preparation and management • Maintain and evolve Valon's risk management practices; facilitate risk assessments across teams and track remediation of identified issues to closure • Develop, publish, and maintain security policies, standards, and procedures in partnership with IT, Engineering and Legal • Build and mature Valon's Data Governance program including secure data handling practices • Enhance BC/DR risk management practices and processes • Partner with Engineering and Product to assess security compliance implications of new features, infrastructure changes, and data flows • Manage security compliance, regulatory requirements, and customer-facing due diligence, while supporting operational security activities including advisory reviews, incident management, and issue remediation • IDEAL BACKGROUND • Proven experience owning a security GRC program at a tech or fintech organization • Strong experience designing, developing and implementing technical security and privacy controls • Deep familiarity with SOC, NYDFS Part 500, FTC Safeguards Rule, and CCPA; experience with NIST CSF, ISO 27001 and related frameworks • Hands-on experience building or maturing a data governance program, including classification frameworks, retention policies, and data subject rights workflows • Knowledge of BC/DR controls - BIA, RTO/RPO, recovery playbooks, and tabletop exercises • Strong track record managing external audits end-to-end — scoping, evidence coordination, findings remediation • Familiarity with AI governance and risk frameworks, including assessing security risks introduced by LLM and agentic systems • Experience applying AI tools to security and/or GRC processes • Ability to translate technical security controls into clear compliance narratives for auditors, customers, and executives • Applied knowledge with industry security and compliance frameworks (NIST, CIS, SOC 2/ISO 27001 concepts) • Hands-on in both developing and operating security processes day-to-day (builder and operator) • Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders • Experience working in high-growth or startup environments is a plus