
Job Overview
Location
Remote
Job Type
Full-time
Category
Security Engineer
Date Posted
May 16, 2026
Full Job Description
📋 Description
- Lead and expand Valon's Security Governance, Risk & Compliance (GRC) program to ensure alignment with SOC 2, NYDFS Cybersecurity Regulation, FTC Safeguards Rule, CCPA, and other evolving regulatory frameworks.
- Design, develop, and monitor technical security controls that enforce compliance across infrastructure, data flows, and AI-powered systems within ValonOS.
- Build and mature Valon's Data Governance program, including data classification frameworks, retention policies, and workflows for data subject rights management.
- Lead end-to-end preparation and management of external audits, including scoping, evidence coordination, finding remediation, and maintaining certification status for SOC 2, ISO 27001, and other standards.
- Facilitate organization-wide risk assessments, track remediation of identified issues to closure, and maintain evolving risk management practices aligned with business growth.
- Partner with Engineering and Product teams to assess security and compliance implications of new features, infrastructure changes, and data handling practices.
- Develop, publish, and maintain comprehensive security policies, standards, and procedures in collaboration with IT, Engineering, and Legal departments.
- Enhance Business Continuity and Disaster Recovery (BC/DR) risk management through BIA, RTO/RPO definition, recovery playbooks, and tabletop exercises.
- Apply AI tools to optimize GRC processes, reduce manual overhead, and improve the efficiency of risk detection, compliance monitoring, and audit readiness.
- Support the development of AI security standards and risk assessment frameworks for LLMs and agentic systems used in Valon’s operations.
- Translate complex technical security requirements into clear narratives for auditors, customers, executive leadership, and non-technical stakeholders.
- Manage customer-facing due diligence processes, providing documentation and assurances required by institutional partners and regulated financial entities.
- Oversee operational security activities including advisory reviews, incident management support, and issue remediation coordination across teams.
- Maintain direct hands-on involvement in developing and operating daily security compliance processes, acting as both a builder and operator of GRC systems.
- Ensure security practices are embedded across all departments, fostering a culture of compliance and risk awareness throughout the organization.
- Engage with external security auditors, penetration testing firms, and third-party partners to continuously evaluate and strengthen Valon’s security posture.
- Maintain up-to-date knowledge of regulatory trends in fintech and regulated industries, proactively adapting Valon’s GRC program to emerging requirements.
🎯 Requirements
- 7+ years in progressive security management roles leading technical GRC, compliance, and/or risk management programs
- Bachelor's degree in Information Security, Computer Science, Technology, or related field
- Relevant security certifications (e.g., CISSP, CISM, CRISC, CISA or similar)
- Hands-on experience managing compliance audits such as SOC 2 and ISO 27001
- Experience driving risk management and assessment practices at scale
- Applied knowledge of data governance processes and standards
🏖️ Benefits
- Base Compensation Band: $190K - $250K, determined by experience, qualifications, and skills
- Competitive salary with meaningful equity stake in the company and 401k plan
- Comprehensive medical, dental, and vision benefits
- Pre-tax commuter benefits for public transportation, rideshare services, and parking
- Flexible paid time off, sick days, and 11 company holidays
- 12 weeks fully paid baby bonding leave for both birthing and non-birthing parents
Skills & Technologies
Remote
$190k-250k
Degree Required
About Valon Technologies, Inc.
Valon Technologies, Inc. provides cloud-based mortgage servicing software to lenders and loan servicers. Its platform automates payment processing, escrow management, customer communications, and compliance reporting, aiming to replace legacy servicing systems with modern APIs and real-time data access. The company serves banks, credit unions, and non-bank mortgage companies across the United States.



