
Job Description
About the Company
Valon is building the AI-native operating system for regulated finance, starting with mortgage servicing.
We're a Series C company backed by a16z, transforming industries that others have written off as too complex to innovate.
Rather than build on top of broken legacy systems, we took a different approach: we built and operate our own mortgage servicing business managing $110+ billion in loans. This wasn't the end goal; it was how we deeply understood the complexity needed to build software that actually works in regulated industries.
The results speak for themselves. We've transformed mortgage servicing from a 0% margin business into 60%+ margins while dramatically improving customer experience. Major enterprise contracts are now deploying across the industry.
ValonOS is our unified platform that makes every process structured and programmable, and it is perfectly positioned for the AI era. When everything flows through one system with rich data, AI agents don't just automate tasks, they continuously improve entire operations. Mortgage servicing is just the beginning of our vision to transform regulated industries and beyond.
Security at Valon
Our customers entrust us with some of their most sensitive and personal financial information, and it is the ultimate mission of Valon’s Security team to ensure we have sound programs, processes, and automation in place to safeguard our customers’ data. The Security team protects the infrastructure and data for processing billions of dollars of mortgage loans.
In addition to protecting Valon’s internal systems, the Security team partners closely with Product and Engineering to design and deliver secure, scalable, and trustworthy capabilities for ValonOS. As AI becomes central to how Valon builds and operates, our team is responsible for securing AI-powered systems and pipelines while also leveraging AI tools to optimize security and defense capabilities. We work cross-functionally across all teams at Valon to enable security throughout the organization. We engage with external security auditors, pentesting firms, and partners to continuously evaluate Valon’s security posture.
Valon offices are located in New York City and San Francisco, but we fully support remote work!
About the Role
We are seeking an experienced Head of Security Governance, Risk & Compliance (GRC) to lead Valon's governance, risk, and compliance practices. In this role, you'll own the frameworks, governance processes, and cross-functional relationships that keep Valon secure, risk-informed, and compliant with the regulatory and customer requirements of a modern fintech provider. You'll work closely with Engineering, IT, Legal, and executive leadership to translate security, data and resilience requirements into actionable controls and communicate risk posture clearly across the organization. Your work will directly enable Valon to deliver the security guarantees that protect our customers and their data — and position us to meet the rigorous due diligence requirements of institutional partners and regulated financial entities.
Responsibilities
Manage and expand Valon's security and privacy compliance program across key frameworks and regulations (e.g., SOC 2, NYDFS Cybersecurity Regulation, FTC Safeguards Rule, CCPA and evolving regulations)
Build and scale modern Security GRC capabilities that leverage AI-enabled tools and processes, reducing manual overhead while optimizing risk and compliance operations
Support AI security standards development and risk processes
Design, develop and monitor technical security controls
Lead audit preparation and management
Maintain and evolve Valon's risk management practices; facilitate risk assessments across teams and track remediation of identified issues to closure
Develop, publish, and maintain security policies, standards, and procedures in partnership with IT, Engineering and Legal
Build and mature Valon's Data Governance program including secure data handling practices
Enhance BC/DR risk management practices and processes
Partner with Engineering and Product to assess security compliance implications of new features, infrastructure changes, and data flows
Manage security compliance, regulatory requirements, and customer-facing due diligence, while supporting operational security activities including advisory reviews, incident management, and issue remediation
Ideal Background
Proven experience owning a security GRC program at a tech or fintech organization
Strong experience designing, developing and implementing technical security and privacy controls
Deep familiarity with SOC, NYDFS Part 500, FTC Safeguards Rule, and CCPA; experience with NIST CSF, ISO 27001 and related frameworks
Hands-on experience building or maturing a data governance program, including classification frameworks, retention policies, and data subject rights workflows
Knowledge of BC/DR controls - BIA, RTO/RPO, recovery playbooks, and tabletop exercises
Strong track record managing external audits end-to-end — scoping, evidence coordination, findings remediation
Familiarity with AI governance and risk frameworks, including assessing security risks introduced by LLM and agentic systems
Experience applying AI tools to security and/or GRC processes
Ability to translate technical security controls into clear compliance narratives for auditors, customers, and executives
Applied knowledge of industry security and compliance frameworks (NIST, CIS, SOC 2/ISO 27001 concepts)
Hands-on in both developing and operating security processes day-to-day (builder and operator)
Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders
Experience working in high-growth or startup environments is a plus
Minimum Qualifications
7+ years in progressive security management roles leading security-focused technical GRC, compliance, and/or risk management programs
Bachelor's degree in Information Security, Computer Science, Technology or related field
Relevant security certifications (e.g., CISSP, CISM, CRISC, CISA or similar)
Hands-on experience managing compliance audits such as SOC 2, ISO 27001 and others
Experience driving risk management and assessment practices at scale
Applied knowledge of data governance processes and standards
Benefits
Base Compensation Band: $190K - $250K. Base salary offered is determined by a number of factors including the candidate’s experience, qualifications, and skills
This Base Compensation pay range applies to our New York City located staff and may differ according to location.
Compensation: Competitive salary with a meaningful stake in the company via equity, and 401k plan
Health & well-being: We’ll invest in your physical and mental well-being with comprehensive medical, dental, & vision benefits
Commuter benefits: We offer pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient
Grow together: Company-wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360-degree feedback
Play together: Quarterly budgets for team and company outings. Use it for team swag, cooking classes, or team dinners!
Generous time off: Flexible paid time off, sick days, and 11 company holidays
Baby bonding time!: 12 weeks off for both birthing and non-birthing parents - fully paid so you can focus your energy on your newest addition
Throughout the interview process, please remember that emails will only be from valon.com email addresses. We will never ask for any personally identifiable information during the interview process itself. Please reach out to [email protected] if you have any requests to verify the authenticity of an outreach.
Valon is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. Valon makes hiring decisions based solely on qualifications, merit, and business needs at the time.
Job Details
- Category: Operations
- Employment Type: Full Time
- Location: Remote (Remote Available)
- Posted: May 14, 2026, 06:43 PM
- Compensation: $190,000 - $250,000 per year
About Valon Labs
Part of the growing frontier tech ecosystem pushing the edges of what's possible.