Head of Technical Security

About Greenboard

At Greenboard, we’re building the future of financial compliance. Greenboard is the unified, AI-native compliance operating system for RIAs, fintechs, private funds, hedge funds, and more. It replaces the fragmented mix of legacy tools and automates more than previously possible. By centralizing data and workflows, Greenboard helps firms reduce regulatory risk, simplify their technology stack, modernize how they run compliance, and save money.

Our founding team includes engineers who have scaled products at Amazon, Google, and multiple unicorn startups. We’re backed by Y Combinator, General Catalyst, Base10, and other top-tier investors, and have raised over $20M to date. Brand-name financial institutions already rely on Greenboard — and we’re growing fast.

About the Role

We're looking for a hands-on security engineer to own and scale our security posture as we grow. You'll be the first dedicated security hire on our engineering team, which means you'll have a direct hand in shaping how we think about security — from compliance frameworks and vendor diligence to infrastructure hardening and secure development practices.

This is a high-impact, high-autonomy role. You'll work closely with engineering, product, and business teams to make sure we're building securely, meeting the compliance bar our fintech customers expect, and staying ahead of threats as we expand internationally.

What You'll Do

Technical Security

• Detect, triage, and drive remediation of vulnerabilities across the stack — infrastructure, application, and network.

• Manage third-party penetration tests and coordinate internal response to findings.

• Integrate security into the development lifecycle: code review guardrails, SAST/DAST tooling, dependency scanning, and developer security guidance.

• Own credential and secrets management, including rotation policies, vault configuration, and access controls.

• Manage infrastructure patching and hardening, working with engineering to keep systems current without disrupting delivery.

Security Compliance & Frameworks

• Own our SOC 2 compliance program end-to-end, including audit preparation, evidence collection, and remediation tracking.

• Maintain and mature our GDPR compliance posture, partnering with legal and product to ensure data protection requirements are met.

• Lead our ISO 42001 certification efforts, establishing and maintaining the required AI management system controls.

• Research and implement additional compliance frameworks as we expand into new markets, acting as the internal authority on what's required and when.

Vendor & Customer Security Diligence

• Manage inbound security diligence requests that arise during client sales processes — completing questionnaires, coordinating evidence, and joining calls as needed.

• Build and maintain a vendor security review process for evaluating third-party tools and services before they're adopted.

• Maintain a library of up-to-date security documentation (policies, SOC 2 reports, architecture diagrams) to accelerate deal cycles.

IT & Device Security

• Manage endpoint security across the company — MDM, disk encryption, OS patching, and device compliance policies.

• Maintain and enforce access control policies for corporate tools and systems (SSO, MFA, least-privilege access).

What We're Looking For

• 3–7 years of experience in security engineering, application security, or infrastructure security roles.

• Hands-on experience with SOC 2 audits and at least one other compliance framework (GDPR, ISO 27001, PCI-DSS, or similar).

• Strong technical foundation — you're comfortable reading code, reviewing AWS infrastructure, and working in a CI/CD environment.

• Experience with vulnerability management tooling (e.g., Snyk, Semgrep, Qualys, Burp Suite, or equivalents).

• Familiarity with AWS Secrets Manager and IAM best practices.

• Experience managing or coordinating third-party pentests.

• Clear, low-ego communication style — you can explain a risk to an engineer and a compliance requirement to a salesperson with equal clarity.

• Comfort with ambiguity and ownership. This is a build-it role, not a maintain-it role.

Nice to Have

• Prior experience at a fintech or other regulated-industry startup.

• Familiarity with ISO 42001 or AI governance frameworks.

• Experience with MDM platforms

• Background supporting international expansion from a security/compliance perspective.

Benefits

• Salary range: $185,000–$300,000 + meaningful equity

• 401(k) with 5% company match

• Medical, dental, and vision coverage

• 15 days PTO + 11 company holidays + flexible sick time

• 2 additional PTO days for each year of service (up to 10 additional days)

• 10 remote days per year plus additional around the holidays

• Bi-annual off-sites and team retreats

• Front-row seat to building the operating backbone of modern finance