Security GRC Analyst
About Us:
Monarch is a powerful, all-in-one personal finance platform designed to help make the complexity of finances feel simple again. Since launching in 2021, we’ve become the top-recommended personal finance app by users and experts. Our goal? To take the stress out of finances so our members can focus on what truly matters.
We are a team of do-ers led by experienced entrepreneurs who are passionate about helping our members reach their financial goals. We are hyper focused on building a product people love and continuing to evolve based on user feedback.
As a fully remote company (even before COVID!), we welcome applicants from almost anywhere. Our team collaborates synchronously mostly from 9 AM – 2 PM PT and embraces asynchronous work to stay connected across time zones.
Join us on our mission to transform lives by simplifying money, together.
The Role:
Monarch is seeking a Security GRC Analyst to join our Security team during a period of growth. Reporting directly to the Head of Software Infrastructure, you will take point on scaling our compliance program and customer security assurance function; enabling the company to respond to increasing inbound partnership opportunities, onboard vendors safely, and maintain compliance without consuming engineering time. We have a solid foundation (SOC2 Type 2 certified), but no dedicated owner within the team. You'll own the day-to-day while building the tooling and workflows to handle increasing volume as we grow.
What You’ll Do:
Scale, automate, and optimize existing GRC, compliance, and customer assurance programs, including security questionnaires, evidence requests, trust center content, and knowledge base.
Optimize and automate an existing third-party risk program by improving risk signal quality, automating evidence collection, and reducing assessment cycle time.
Evaluate, implement and maintain GRC tooling (Vanta, Drata, SafeBase, etc.) with a focus on AI-powered automation to minimize operational overhead.
Mature existing SOC 2 program by strengthening continuous controls monitoring, reducing audit prep effort, and increasing confidence in automated evidence completeness.
Research, recommend and implement additional frameworks and attestations (ISO 27001, CSA STAR, etc.) to position Monarch as a security leader in personal finance.
What You’ll Bring:
3-5 years operating and scaling mature GRC, compliance, or customer assurance programs in high-growth environments.
Hands-on experience with customer assurance (security questionnaires, evidence requests, RFPs).
Hands-on experience with SOC2, CCPA/GDPR compliance and understanding of other frameworks (e.g. ISO 27001).
Hands-on experience with Continuous Controls Monitoring and compliance automation tools (Vanta, Drata, Oneleet, SafeBase, or similar).
Strong written communication skills to support internal and external engagements such as customer-facing responses.
Comfort with ambiguity and building process from scratch.
Ability to identify process anti-patterns (manual evidence requests, one-off questionnaires, duplicate controls) and replace them with durable, automated solutions.
Nice to Haves:
Fintech or financial services background.
Familiarity with cloud infrastructure (AWS) and modern SaaS stack.
Experience in a high-growth startup environment within B2B SaaS.
Experience leveraging AI tools (Claude, ChatGPT) for GRC workflowsRelevant certifications (CISA, CRISC, Security+).
Experience partnering with IT to implement Corporate Security controls over SaaS, identity and access management (IAM), and endpoint security.
Benefits :
Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that’s out of your home, a co-working space, or elsewhere.
Competitive cash and equity compensation in a hyper growth, early stage company 🚀.
Stipend to set-up your ideal working environment.
Competitive Benefit Plans for employees based on your location (e.g. in the US we offer: Medical, dental and vision benefits and the ability to contribute to a 401k plan).
Unlimited PTO.
3 day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun!
We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
About the job
Apply for this position
Security GRC Analyst
About Us:
Monarch is a powerful, all-in-one personal finance platform designed to help make the complexity of finances feel simple again. Since launching in 2021, we’ve become the top-recommended personal finance app by users and experts. Our goal? To take the stress out of finances so our members can focus on what truly matters.
We are a team of do-ers led by experienced entrepreneurs who are passionate about helping our members reach their financial goals. We are hyper focused on building a product people love and continuing to evolve based on user feedback.
As a fully remote company (even before COVID!), we welcome applicants from almost anywhere. Our team collaborates synchronously mostly from 9 AM – 2 PM PT and embraces asynchronous work to stay connected across time zones.
Join us on our mission to transform lives by simplifying money, together.
The Role:
Monarch is seeking a Security GRC Analyst to join our Security team during a period of growth. Reporting directly to the Head of Software Infrastructure, you will take point on scaling our compliance program and customer security assurance function; enabling the company to respond to increasing inbound partnership opportunities, onboard vendors safely, and maintain compliance without consuming engineering time. We have a solid foundation (SOC2 Type 2 certified), but no dedicated owner within the team. You'll own the day-to-day while building the tooling and workflows to handle increasing volume as we grow.
What You’ll Do:
Scale, automate, and optimize existing GRC, compliance, and customer assurance programs, including security questionnaires, evidence requests, trust center content, and knowledge base.
Optimize and automate an existing third-party risk program by improving risk signal quality, automating evidence collection, and reducing assessment cycle time.
Evaluate, implement and maintain GRC tooling (Vanta, Drata, SafeBase, etc.) with a focus on AI-powered automation to minimize operational overhead.
Mature existing SOC 2 program by strengthening continuous controls monitoring, reducing audit prep effort, and increasing confidence in automated evidence completeness.
Research, recommend and implement additional frameworks and attestations (ISO 27001, CSA STAR, etc.) to position Monarch as a security leader in personal finance.
What You’ll Bring:
3-5 years operating and scaling mature GRC, compliance, or customer assurance programs in high-growth environments.
Hands-on experience with customer assurance (security questionnaires, evidence requests, RFPs).
Hands-on experience with SOC2, CCPA/GDPR compliance and understanding of other frameworks (e.g. ISO 27001).
Hands-on experience with Continuous Controls Monitoring and compliance automation tools (Vanta, Drata, Oneleet, SafeBase, or similar).
Strong written communication skills to support internal and external engagements such as customer-facing responses.
Comfort with ambiguity and building process from scratch.
Ability to identify process anti-patterns (manual evidence requests, one-off questionnaires, duplicate controls) and replace them with durable, automated solutions.
Nice to Haves:
Fintech or financial services background.
Familiarity with cloud infrastructure (AWS) and modern SaaS stack.
Experience in a high-growth startup environment within B2B SaaS.
Experience leveraging AI tools (Claude, ChatGPT) for GRC workflowsRelevant certifications (CISA, CRISC, Security+).
Experience partnering with IT to implement Corporate Security controls over SaaS, identity and access management (IAM), and endpoint security.
Benefits :
Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that’s out of your home, a co-working space, or elsewhere.
Competitive cash and equity compensation in a hyper growth, early stage company 🚀.
Stipend to set-up your ideal working environment.
Competitive Benefit Plans for employees based on your location (e.g. in the US we offer: Medical, dental and vision benefits and the ability to contribute to a 401k plan).
Unlimited PTO.
3 day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun!
We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.