Senior InfoSec & GRC Lead - Remote

Location Remote - United States Job Category Corporate, Information Technology Employee Type FT Exempt Required Degree 4 Year Degree Travel 10% Minimum Experience 5 Years Description Compensation Transparency Salary: $150,000 - $165,000 At Earned, we are committed to fair and transparent compensation. Base salary is market-driven and determined at the time of offer based on benchmarks such as role-specific market data, company stage, and factors such as internal equity, relevant experience, interview performance, location, and level. About Earned Earned is a category-defining, first-in-kind tax-smart financial services firm dedicated to serving doctors, their families, and their practices. Our goal is to be the only financial partner doctors need by seamlessly integrating personal and practice-based solutions to maximize their wealth potential and drive better financial outcomes. We bring together tax, accounting, wealth management, insurance, and legal services under one platform not as a generic one-stop shop, but to deliver better advice through an integrated view of a doctor’s full financial life. Our differentiation is relationship-led, trust-based selling paired with disciplined execution across the ecosystem. Earned manages $3.4B+ in assets, serves more than 20,000 clients , and is one of the fastest-growing doctor-focused platforms in the country. Backed by $200M of committed capital, we are scaling rapidly through acquisitions and organic growth across multiple service lines. We are building this platform from the ground up, leveraging modern technology, data, and AI to simplify the client experience and make it easier for advisors and sales teams to deliver high-quality advice at scale. Operating across multiple service lines, acquired entities, and client entry points requires a highly disciplined yet relationship-driven go-to-market model that can scale without losing trust. Join us as we build the future of financial services for doctors faster, smarter, and at scale. Job Summary Earned is hiring an Information Security Lead to own and operate our security governance, compliance, and risk programs. This is a hands-on individual contributor role focused on building, running, and continuously improving Earned’s security control system. You will take ownership of Earned’s Written Information Security Program (WISP), ensure it is operational in practice, and lead SOC 2 readiness and audits to validate and evidence those controls. You will partner closely with IT, Engineering, Legal, and system owners, and support security governance during acquisitions and system integrations as needed to maintain Earned’s security posture. Key Responsibilities Own the WISP and security policy framework: Own and continuously improve Earned’s Written Information Security Program (WISP), including applicable jurisdiction-specific requirements (e.g., GLBA, SEC Reg S-P, state-level data security obligations), and maintain supporting security and privacy policies, standards, and procedures (access control, data handling, business continuity and incident response governance, intercompany agreements, responsible use of AI). \ Own SOC 2 delivery: Lead SOC 2 Type I readiness and audit, then operate the ongoing program to achieve and maintain SOC 2 Type II, including audit planning, evidence strategy, timelines, and direct interaction with auditors. Partner on control implementation: Work closely with IT and Engineering to define control requirements and verify evidence for technical and operational controls across core platforms (e.g., Microsoft 365 for corporate systems and AWS for product infrastructure), with implementation owned by those teams. Evidence and access reviews (SOC 2 controls): Operate the compliance cadence in Vanta, including evidence collection and periodic access reviews, and define standards for privileged access in partnership with IT. Risk visibility and tracking: Identify and document security and compliance risks, track remediation with control owners, and provide clear visibility into risk status and priorities for leadership. Vendor risk (critical vendors): Personally run security risk assessments for tier-1 vendors, including reviews, risk acceptance, and renewal cadence. CCPA runway: Define the program structure and readiness plan for CCPA as a medium-term initiative and partner with Legal and Operations on execution when prioritized. Key Requirements Bachelor’s degree in a related field 5+ years of hands-on experience in GRC, security compliance, IT audit, or security program management Direct experience delivering or operating a SOC 2 program, including readiness, evidence, and audits Strong ability to translate policies into clear, implementable, and auditable controls Experience operating compliance programs end-to-end, including evidence systems, workflows, and issue tracking Strong written communication and documentation skills Comfortable working independently, prioritizing effectively, and driving progress through influence rather than authority Preferred Requirements Experience in financial services, fintech, or similarly regulated environments Familiarity with GLBA, SEC Reg S-P, NIST CSF, ITGC concepts, and vendor risk practices Experience with Vanta Experience supporting security governance during acquisitions or system integrations Security certifications such as CISA, CRISC, or CISSP are a plus Benefits An attractive total compensation package Employer-sponsored health insurance (medical, dental, vision) 401k + 5% match Earned is committed to offering equal employment opportunity in all employment practices and employment decisions are based on an individual’s job qualifications and abilities. Earned prohibits discrimination based on race, creed, color, religion, national origin, ancestry, sex, gender (including gender identity, gender expression and being transgender), sexual orientation, marital status, registered domestic partner status, citizenship status, age, military and veteran status, medical condition, genetic information, political affiliation, disability, medical condition, or any other basis protected by federal, state, or local law or ordinance or regulation. Earned also prohibits discrimination based on the perception that anyone has any of these characteristics or is associated with a person who has or is perceived as having any of those characteristics. All such discrimination is unlawful. #J-18808-Ljbffr Silversmith Capital Partners