ABOUT US:
Monarch is a powerful, all-in-one personal finance platform designed to help make the complexity of finances feel simple again. Since launching in 2021, we've become the top-recommended personal finance app by users and experts. Our goal? To take the stress out of finances so our members can focus on what truly matters.
We are a team of do-ers led by experienced entrepreneurs who are passionate about helping our members reach their financial goals. We are hyper focused on building a product people love and continuing to evolve based on user feedback.
As a fully remote company (even before COVID!), we welcome applicants from almost anywhere. Our team collaborates synchronously mostly from 9 AM – 2 PM PT and embraces asynchronous work to stay connected across time zones.
Join us on our mission to transform lives by simplifying money, together.
The Role:
Monarch is seeking a Security GRC Analyst (Senior/Staff) to join our Security team during a period of growth. Reporting directly to the Head of Software Infrastructure, you will take point on scaling our compliance program and customer security assurance function, enabling the company to respond to increasing inbound partnership opportunities, onboard vendors safely, and maintain compliance without consuming engineering time. We have a solid foundation (SOC2 Type 2 certified https://www.reddit.com/r/MonarchMoney/comments/1qj7r1w/monarch_is_officially_soc2_type_2_certified/), but no dedicated owner within the team. You'll own the day-to-day while building the tooling and workflows to handle increasing volume as we grow.
What You'll Do:
- Scale, automate, and optimize existing GRC, compliance, and customer assurance programs, including security questionnaires, evidence requests, trust center content, and knowledge base.
- Optimize and automate an existing third-party risk program by improving risk signal quality, automating evidence collection, and reducing assessment cycle time.
- Evaluate, implement and maintain GRC tooling (Vanta, Drata, SafeBase, etc.) with a focus on AI-powered automation to minimize operational overhead.
- Mature existing SOC 2 program by strengthening continuous controls monitoring, reducing audit prep effort, and increasing confidence in automated evidence completeness.
- Research, recommend and implement additional frameworks and attestations (ISO 27001, CSA STAR, etc.) to position Monarch as a security leader in personal finance.
What You'll Bring:
- 5+ years operating and scaling mature GRC, compliance, or customer assurance programs in high-growth environments.
- Hands-on experience with customer assurance (security questionnaires, evidence requests, RFPs).
- Hands-on experience with SOC2, CCPA/GDPR compliance and understanding of other frameworks (e.g. ISO 27001).
- Hands-on experience with Continuous Controls Monitoring and compliance automation tools (Vanta, Drata, Oneleet, SafeBase, or similar).
- Strong written communication skill