[Hiring] Information Security Engineer @Clutch

Role Description

As an Information Security Engineer focused on Governance, Risk, and Compliance (GRC) at Clutch, you will own and mature our trust foundation. You will operationalize our security controls, drive evidence collection and continuous monitoring, and partner with product, engineering, and business teams to reduce risk while enabling speed.

You will join a small, high‑impact Security team that partners closely with Infrastructure, Product Engineering, Legal, and GTM. We value outcome‑oriented builders, clear documentation, and automation over manual audits. We work in the open, do frequent retros, and iterate quickly to support a rapidly scaling fintech SaaS platform serving credit unions and their members.

What You’ll Do

Within 3 months, you will:

• Baseline our control library mapped to SOC 2, PCI DSS, and key fintech obligations. Stand up gaps and remediation owners in our ticketing system.
• Implement lightweight evidence collection pipelines for top controls such as access reviews, backup tests, vulnerability management, and CI/CD change management.
• Complete a security risk register refresh with likelihood and impact ratings, and publish a quarterly risk report.

Within 6 months, you will:

• Lead our next SOC 2 Type II audit cycle end‑to‑end, including auditor coordination, population requests, and walkthroughs.
• Roll out a vendor risk management workflow integrated with procurement and Legal, including tiering, due diligence, and continuous monitoring.
• Partner with Engineering to define secure SDLC checkpoints and automate evidence from GitHub, CI, and cloud.
• Develop an AI/ML risk assessment framework covering model governance, training data privacy, and shadow AI usage across the organization.

Within 9 months, you will:

• Drive PCI DSS certification readiness, including SoA ownership, internal audits, and management review inputs.
• Establish KPI/KRIs and dashboards for control effectiveness and risk trends consumed by execs and customers.
• Mature incident response playbooks and conduct at least one cross‑functional tabletop with measurable improvements.
• Establish AI governance policies and integrate AI risk into the existing risk register, vendor assessments, and compliance monitoring.

Qualifications

• 5+ years in GRC, security engineering, or risk management within SaaS or fintech environments.
• Proven experience running SOC 2 Type II and working toward ISO 27001, including evidence automation and auditor interactions.
• Strong understanding of cloud security controls across AWS, containerized workloads, and modern CI/CD.
• Practical knowledge of secure SDLC, vulnerability management, identity and access management, and third‑party risk.
• Ability to translate requirements into actionable, ticketed work with clear owners and due dates.
• Excellent written communication for policies, customer questionnaires, and exec‑level reporting.
• Familiarity with AI/ML risk frameworks (e.g., NIST AI RMF, ISO 42001) and practical experience assessing AI‑related risks such as model bias, data lineage, shadow AI, and third‑party AI vendor exposure.
• Comfort leveraging AI tools to automate compliance workflows, evidence collection, and risk analysis.
• Nice to have: experience with privacy programs, PCI readiness, or financial services regulations, or AI governance; relevant certs (e.g., CISA, CISSP, ISO 27001 LI/LA, ISO 42001) are a plus.

Benefits

• Remote Flexibility: Enjoy the freedom of remote work from anywhere, balancing life and career seamlessly.
• Unforgettable Off-Sites: Twice a year, bond with colleagues in exciting destinations, fostering teamwork and fresh ideas.
• Paid Time Off and National Holidays: Enjoy 20 PTO days yearly and the National Holidays for relaxation and rejuvenation.
• Stock Options: Joining us means having a stake in our success, so you'll receive stock options as part of your compensation package.
• Home Office Setup: Create your ideal workspace with a dedicated budget for home office essentials.
• Work Trip Budget: Grow personally and professionally with a budget for work-related trips and co-working.

Company Description

Clutch is a revolutionary vertical SaaS company, proudly backed by Andreessen Horowitz (A16z), aimed at revolutionizing the way Credit Unions engage and change the lives of their members. As a champion of financial well-being, we address the urgent need for affordable lending solutions in an era where the average American grapples with over $155,000 in household debt. Unlike traditional financial institutions, Clutch develops software to turn Credit Unions into FinTech lenders and leverage their balance sheets to responsibly lend to over 130M Americans.

Our mission extends beyond mere financial transactions; we strive to fundamentally enhance the way credit unions interact with their members. By integrating cutting-edge technologies and user-centric designs, we help credit unions provide seamless digital experiences that are on par with leading tech companies. This approach not only preserves but revitalizes the longstanding tradition of community and member-focused service inherent to credit unions.