
Job Overview
Location
Brazil
Job Type
Contract
Category
Human Resources
Date Posted
April 3, 2026
Full Job Description
Description
- As an Information Security Engineer focused on Governance, Risk, and Compliance (GRC) at Clutch Technologies, Inc., you will own and mature the company's trust foundation by operationalizing security controls, driving evidence collection and continuous monitoring, and partnering with product, engineering, and business teams to reduce risk while enabling speed in a rapidly scaling fintech SaaS platform serving credit unions.
- You will join a small, high-impact Security team that partners closely with Infrastructure, Product Engineering, Legal, and GTM, valuing outcome-oriented builders, clear documentation, and automation over manual audits, working in the open with frequent retros and rapid iteration to support Clutch's mission of revolutionizing credit union lending through technology.
- Within 3 months, you will baseline the control library mapped to SOC 2, PCI DSS, and key fintech obligations, identify gaps, assign remediation owners in the ticketing system, implement lightweight evidence collection pipelines for top controls (access reviews, backup tests, vulnerability management, CI/CD change management), and complete a security risk register refresh with likelihood and impact ratings, publishing a quarterly risk report.
- Within 6 months, you will lead the next SOC 2 Type II audit cycle end-to-end (auditor coordination, population requests, walkthroughs), roll out a vendor risk management workflow integrated with procurement and Legal (tiering, due diligence, continuous monitoring), partner with Engineering to define secure SDLC checkpoints and automate evidence from GitHub, CI, and cloud, and develop an AI/ML risk assessment framework covering model governance, training data privacy, and shadow AI usage.
- Within 9 months, you will drive PCI DSS certification readiness (SoA ownership, internal audits, management review inputs), establish KPI/KRIs and dashboards for control effectiveness and risk trends consumed by execs and customers, mature incident response playbooks and conduct at least one cross-functional tabletop with measurable improvements, and establish AI governance policies integrating AI risk into the risk register, vendor assessments, and compliance monitoring.
- You will bring 5+ years in GRC, security engineering, or risk management within SaaS or fintech environments, proven experience running SOC 2 Type II and working toward ISO 27001 (including evidence automation and auditor interactions), strong understanding of cloud security controls across AWS, containerized workloads, and modern CI/CD, practical knowledge of secure SDLC, vulnerability management, identity and access management, and third-party risk, ability to translate requirements into actionable ticketed work with clear owners and due dates, excellent written communication for policies, customer questionnaires, and exec-level reporting, familiarity with AI/ML risk frameworks (NIST AI RMF, ISO 42001) and practical experience assessing AI-related risks (model bias, data lineage, shadow AI, third-party AI vendor exposure), and comfort leveraging AI tools to automate compliance workflows, evidence collection, and risk analysis.
- This role offers the opportunity to grow professionally in a high-impact, innovative environment where your work directly contributes to Clutch's mission of enabling credit unions to serve over 130M Americans with responsible lending, backed by Andreessen Horowitz, while building expertise in AI-integrated GRC practices in a fast-evolving fintech landscape.
Requirements
- 5+ years of experience in GRC, security engineering, or risk management within SaaS or fintech environments
- Proven experience running SOC 2 Type II audits and working toward ISO 27001, including evidence automation and auditor interactions
- Strong understanding of cloud security controls across AWS, containerized workloads, and modern CI/CD pipelines
- Practical knowledge of secure SDLC, vulnerability management, identity and access management, and third-party risk management
- Ability to translate security and compliance requirements into actionable, ticketed work with clear owners and due dates
- Excellent written communication skills for creating policies, customer questionnaires, and executive-level reports
- Familiarity with AI/ML risk frameworks (e.g., NIST AI RMF, ISO 42001) and experience assessing AI-related risks such as model bias, data lineage, shadow AI, and third-party AI vendor exposure
- Comfort using AI tools to automate compliance workflows, evidence collection, and risk analysis to multiply impact
Benefits
- Remote Flexibility: Work from anywhere with the freedom to balance life and career seamlessly
- Unforgettable Off-Sites: Twice-yearly team retreats in exciting destinations to foster collaboration and innovation
- Paid Time Off and National Holidays: 20 PTO days annually plus national holidays for rest and rejuvenation
- Stock Options: Receive equity as part of your compensation package, giving you a stake in Clutch's success
- Home Office Setup: Dedicated budget to create your ideal remote workspace
- Work Trip Budget: Funding for professional development, work-related trips, and co-working spaces
About Clutch Technologies, Inc.
Clutch Technologies operates a digital platform that lets consumers refinance auto loans, secure lower rates, and manage vehicle financing online. Established in 2016 and headquartered in San Francisco, the company aggregates lender offers, handles title transfers, and provides customer support throughout the refinancing process. Its technology streamlines loan applications, credit checks, and contract e-signatures, aiming to reduce monthly payments for borrowers across the United States.