Security GRC Analyst

Monarch is seeking a Security GRC Analyst (Senior/Staff) to join our Security team during a period of growth. Reporting directly to the Head of Software Infrastructure, you will take point on scaling our compliance program and customer security assurance function; enabling the company to respond to increasing inbound partnership opportunities, onboard vendors safely, and maintain compliance without consuming engineering time. We have a solid foundation (SOC2 Type 2 certified), but no dedicated owner within the team. You'll own the day-to-day while building the tooling and workflows to handle increasing volume as we grow.

What You'll Do:

• Scale, automate, and optimize existing GRC, compliance, and customer assurance programs, including security questionnaires, evidence requests, trust center content, and knowledge base.
• Optimize and automate an existing third-party risk program by improving risk signal quality, automating evidence collection, and reducing assessment cycle time.
• Evaluate, implement and maintain GRC tooling (Vanta, Drata, SafeBase, etc.) with a focus on AI-powered automation to minimize operational overhead.
• Mature existing SOC 2 program by strengthening continuous controls monitoring, reducing audit prep effort, and increasing confidence in automated evidence completeness.
• Research, recommend and implement additional frameworks and attestations (ISO 27001, CSA STAR, etc.) to position Monarch as a security leader in personal finance.

• 5+ years operating and scaling mature GRC, compliance, or customer assurance programs in high-growth environments.
• Hands-on experience with customer assurance (security questionnaires, evidence requests, RFPs).
• Hands-on experience with SOC2, CCPA/GDPR compliance and understanding of other frameworks (e.g. ISO 27001).
• Hands-on experience with Continuous Controls Monitoring and compliance automation tools (Vanta, Drata, Oneleet, SafeBase, or similar).
• Strong written communication skills to support internal and external engagements such as customer-facing responses.
• Comfort with ambiguity and building process from scratch.
• Ability to identify process anti-patterns (manual evidence requests, one-off questionnaires, duplicate controls) and replace them with durable, automated solutions.

Nice to Haves:

• Fintech or financial services background.
• Familiarity with cloud infrastructure (AWS) and modern SaaS stack.
• Experience in a high-growth startup environment within B2B SaaS.
• Experience leveraging AI tools (Claude, ChatGPT) for GRC workflows.
• Relevant certifications (CISA, CRISC, Security+).
• Experience partnering with IT to implement Corporate Security controls over SaaS, identity and access management (IAM), and endpoint security.

• Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that's out of your home, a co-working space, or elsewhere.
• Competitive cash and equity compensation in a hyper growth, early stage company .
• Stipend to set-up your ideal working environment.
• Competitive Benefit Plans for employees based on your location (e.g. in the US we offer: Medical, dental and vision benefits and the ability to contribute to a 401k plan).
• Unlimited PTO.
• 3 day weekend every month! We take off the "First Friday" every month to focus on rest, recuperation, or just having fun!

Monarch is a powerful, all-in-one personal finance platform designed to help make the complexity of finances feel simple again. Since launching in 2021, we've become the top-recommended personal finance app by users and experts. Our goal? To take the stress out of finances so our members can focus on what truly matters. We are a team of do-ers led by experienced entrepreneurs who are passionate about helping our members reach their financial goals. We are hyper focused on building a product people love and continuing to evolve based on user feedback. As a fully remote company (even before COVID!), we welcome applicants from almost anywhere. Our team collaborates synchronously mostly from 9 AM - 2 PM PT and embraces asynchronous work to stay connected across time zones. Join us on our mission to transform lives by simplifying money, together.