• Own and operate Trase's SOC 2 and HIPAA programs end-to-end, including scoping, control design, evidence collection, and remediation tracking. • Lead readiness and execution for additional frameworks as Trase enters new markets, including ISO 27001, FedRAMP, NIST 800-53, CMMC, and ISO 42001. • Manage the full lifecycle of internal and external audits, serving as the primary point of contact for auditors, assessors, and regulators. • Maintain Trase's enterprise risk register, conducting recurring risk assessments across people, process, and technology. • Design, document, and operationalize security policies, standards, and procedures aligned to industry frameworks and Trase's risk appetite. • Own our common control framework in Drata, monitoring and refining controls across overlapping regimes to minimize duplication and audit burden. • Shift Trase's compliance posture from reactive to proactive by implementing continuous control monitoring, automated evidence collection, and recurring control testing. • Define KRIs, KPIs, and reporting cadences that give leadership real-time visibility into the health of the security program. • Identify control gaps, perform root cause analysis, and drive remediation in partnership with control owners across the enterprise. • Enhance and operate Trase's third-party risk management program, including vendor security reviews, ongoing monitoring, and contractual security requirements. • Partner with Legal to ensure DPAs, BAAs, and security addenda meet regulatory and customer requirements. • Serve alongside other subject matter experts or leaders, as a senior representative in customer security reviews, RFPs, and prospect-facing trust conversations. • Maintain trust collateral (SOC 2 reports, security questionnaires, trust portal content) and reduce friction in customer due diligence. • Translate customer and regulator expectations into actionable program requirements. • Partner closely with peers within Trase Security and Compliance, Engineering, and across the enterprise to ensure controls are operating effectively, as designed. • Collaborate with Legal, HR, IT, and Finance on shared control ownership and program execution.

Role Description As the Senior Security Assurance Manager, you will own the strategic governance backbone of Trase's Security and Compliance program, implementing and overseeing the processes, policies, and controls that allow us to operate safely and credibly in highly-regulated markets. You will define and steward Trase's security policies and procedures, lead internal and external audits, and conduct comprehensive risk assessments across the organization. You will be the primary owner of our SOC 2 and HIPAA programs and champion of our broader GRC functions (e.g., risk management, policy documentation, control design, continuous monitoring, etc.). This is a player-coach role. You will operate hands-on across contexts and stakeholder groups while building the team, processes, and tooling that allow Trase's governance capabilities to scale alongside the business. Responsibilities - Compliance Program Ownership - Own and operate Trase's SOC 2 and HIPAA programs end-to-end, including scoping, control design, evidence collection, and remediation tracking. - Lead readiness and execution for additional frameworks as Trase enters new markets, including ISO 27001, FedRAMP, NIST 800-53, CMMC, and ISO 42001. - Manage the full lifecycle of internal and external audits, serving as the primary point of contact for auditors, assessors, and regulators. - Governance, Risk & Control Design - Maintain Trase's enterprise risk register, conducting recurring risk assessments across people, process, and technology. - Design, document, and operationalize security policies, standards, and procedures aligned to industry frameworks and Trase's risk appetite. - Own our common control framework in Drata, monitoring and refining controls across overlapping regimes to minimize duplication and audit burden. - Continuous Monitoring & Control Assurance - Shift Trase's compliance posture from reactive to proactive by implementing continuous control monitoring, automated evidence collection, and recurring control testing. - Define KRIs, KPIs, and reporting cadences that give leadership real-time visibility into the health of the security program. - Identify control gaps, perform root cause analysis, and drive remediation in partnership with control owners across the enterprise. - Vendor & Third-Party Risk - Enhance and operate Trase's third-party risk management program, including vendor security reviews, ongoing monitoring, and contractual security requirements. - Partner with Legal to ensure DPAs, BAAs, and security addenda meet regulatory and customer requirements. - Customer Trust & Sales Enablement - Serve alongside other subject matter experts or leaders, as a senior representative in customer security reviews, RFPs, and prospect-facing trust conversations. - Maintain trust collateral (SOC 2 reports, security questionnaires, trust portal content) and reduce friction in customer due diligence. - Translate customer and regulator expectations into actionable program requirements. - Cross-Functional Partnership - Partner closely with peers within Trase Security and Compliance, Engineering, and across the enterprise to ensure controls are operating effectively, as designed. - Collaborate with Legal, HR, IT, and Finance on shared control ownership and program execution. Qualifications - 10+ years of progressive experience in security assurance, GRC, controls engineering, or information security audit roles, including several years in a senior or program-owning capacity. - Deep, hands-on experience owning or supporting SOC 2 and HIPAA programs end-to-end, including managing external auditors or internal assessors. - Strong working knowledge of additional frameworks including ISO 27001, FedRAMP (Moderate/High), NIST 800-53, NIST CSF, and CMMC, preferably with experience mapping or consolidating their underlying requirements within common control frameworks (CCF). - Demonstrated experience designing and operating continuous control monitoring programs to achieve situational awareness before issues materialize as findings in external contexts (e.g., audits). - Proven ability to author clear, defensible security policies, standards, procedures, and memoranda. - Strong risk management foundation, including hands-on experience conducting risk assessments and maintaining a risk register. - Experience leading customer-facing security reviews, RFP responses, and trust conversations with sophisticated enterprise buyers or partners. - Track record of partnering effectively with engineering and product teams to design controls into systems rather than around them. - Excellent written and verbal communication skills, with the ability to translate between auditors, executives, customers, and engineers. - Strong affinity and practical skill for working with LLMs and AI agents as part of your own workflow—clear judgment on when and how to deploy them to move quickly, orchestrate work, and operate with confidence. Nice to Have - Experience scaling a compliance program inside a high-growth startup or scale-up. - Experience with FedRAMP authorization (3PAO assessment, ATO process), DoD RMF, HITRUST, or StateRAMP. - Familiarity with ISO 42001 or other emerging AI governance frameworks. - Industry-recognized certifications such as CISSP, CISA, CISM, CRISC, or HCISPP. - Experience supporting customers in healthcare, defense, energy, or other regulated verticals. - Familiarity with modern GRC platforms (e.g., ServiceNow IRM, Vanta, Drata, Hyperproof, OneTrust) and a clear point of view on the tradeoffs between them. Benefits - Career track opportunity with potential for rapid advancement with strong performance as the firm grows. - 100% employer paid, comprehensive health care including medical, dental, and vision for you and your family. - Paid maternity and paternity for 14 weeks at employees' normal pay. - Unlimited PTO, with management approval. - Opportunities for professional development and continued learning. - Optional 401K, FSA, and equity incentives available. - Mental health benefits are available through Tara Mind. - Cost effective GLP-1 solutions available through Crux.

• Security Program Management: Manage and execute the company’s information security program, including policies, procedures, controls, security standards, risk assessments, remediation tracking, and ongoing security improvements. • Hands-On Security Operations: Perform day-to-day security activities, including monitoring security tools, reviewing alerts, investigating suspicious activity, coordinating remediation, managing vulnerabilities, and improving detective and preventive controls. • Security Architecture & Technical Controls: Assess, implement, and maintain security controls across enterprise systems, including infrastructure, endpoints, identity platforms, cloud environments, field service applications, mobile devices, and the Microsoft Azure and Microsoft 365 ecosystems. • Incident Response: Maintain and execute the company’s incident response process. Investigate security events, coordinate containment and remediation efforts, document incidents, and work with internal teams and external partners as needed. • Field Service Security Support: Identify and address cybersecurity risks related to field service scheduling systems, mobile device usage, remote workforce access, geographically dispersed operations, and field technician workflows. • Vulnerability & Risk Management: Perform or coordinate vulnerability assessments, risk reviews, security control evaluations, and remediation efforts. Prioritize findings based on business impact, likelihood, and operational risk. • Identity, Access & Endpoint Security: Support and improve identity and access management practices, including user access reviews, privileged access controls, multi-factor authentication, conditional access, endpoint security, and device compliance. • Microsoft Azure & Microsoft 365 Security: Configure, monitor, and improve security across Microsoft Azure and Microsoft 365 environments, including Entra ID, Defender, Purview, Exchange Online, SharePoint, Teams, Intune, and related security capabilities. • Disaster Recovery & Business Continuity Support: Support disaster recovery and business continuity planning from a cybersecurity perspective. Assist with backup protection, recovery testing, ransomware readiness, and resilience planning. • Governance, Compliance & Documentation: Maintain security documentation, policies, procedures, standards, risk registers, audit evidence, and compliance-related materials. Help ensure alignment with applicable cybersecurity best practices and business requirements. • Security Awareness & Training: Promote a practical security awareness culture across the organization, including field technicians, office staff, operations teams, and business users. Support phishing simulations, user education, and security communications. • Vendor & Third-Party Security: Assist with security reviews of vendors, service providers, software platforms, and third-party integrations. Track risks and coordinate follow-up remediation where needed. • Collaboration with IT & Business Teams: Work closely with infrastructure, applications, service desk, operations, and business stakeholders to identify security needs, resolve issues, and implement practical security improvements.

Title: Senior Security Engineer Location: New York, NY, USA; San Francisco, CA, USA Job Description: About the role We are looking for a versatile Security Software Engineer to join our team and operate across product security, application security, infrastructure security, enterprise security, and security/compliance automation. This is a hands-on, high-impact role for someone who enjoys working across the stack-from code and cloud infrastructure to security workflows and compliance systems. You'll help secure our products and platforms while also improving how we scale security through AI, automation, integrations, and continuous monitoring. This role sits at the intersection of engineering, security, and risk/compliance-requiring both technical depth and the ability to translate ambiguous requirements into practical, reliable solutions. The base salary offered for this role and level of experience will begin at $130,000 and go up to $250,000. Full-time employees are also eligible for a bonus, competitive equity package, and benefits. The actual base salary offered may be higher, depending on your location, skills, qualifications, and experience. In this role, you can expect to - Participate in projects that reduce security risks and attack surface within our infrastructure and corporate applications - Perform security reviews across mobile, backend, cloud, and API systems - Conduct penetration testing and threat modeling - Embed security into the SDLC - Build automation, tooling, and guardrails - Streamline vulnerability detection and remediation workflows - Partner with engineering, product, and compliance teams To thrive in this role, you have - 2-6+ years in security or software engineering - Strong coding skills (Python, Go, Ruby) - A desire to scale yourself with AI - Experience with cloud (AWS/GCP) and APIs - Understanding of application and cloud security fundamentals - Experience with automation and integrations - Strong communication and collaboration skills Nice-to-haves - Experience with AI in security workflows - Terraform or infrastructure-as-code experience - Mobile security experience (iOS/Android) - Pen testing or bug bounty experience - Familiarity with GRC tools and frameworks #LI-Hybrid #LI-JL1 A little about us At Chime, we believe that everyone can achieve financial progress. We created Chime-a financial technology company, not a bank*-on the premise that core banking services should be helpful, easy, and free. Through our user-friendly tools and intuitive platforms, we empower our members to take control of their finances and work towards their goals. Whether it's starting a savings account, purchasing a first car or home, launching a business, or pursuing higher education, we're proud to have helped millions unlock their financial potential. We're a team of problem solvers, dreamers, and builders with one shared obsession: our members. From day one, Chimers have worked tirelessly to out-hustle and out-execute competitors to bring our mission to life. Their grit and determination inspire us to work harder every day to deliver the very best experience possible. We each bring an owner's mindset to our work, refusing to be outdone and holding ourselves accountable to meet and exceed the highest bars for our teams, our company, and our members. We believe in being bold, dreaming big, and taking risks, while also working together, embracing our diverse perspectives, and giving each other honest feedback. Our culture remains deeply entrepreneurial, encouraging every Chimer to see themselves as stewards of our mission to help everyday Americans unlock their financial progress. We know that to achieve our mission, we must earn and keep people's trust-so we hold ourselves to the highest standards of integrity in everything we do. These aren't just words on a wall-our values are embedded in every aspect of our business, serving as a north star that guides us as we work to help millions achieve their financial potential. Because if we don't-who will? - Chime is a financial technology company, not a bank. Banking services provided by The Bancorp Bank, N.A. or Stride Bank, N.A., Members FDIC. What we offer for our full-time, regular employees - Our in-office work policy is designed to keep you connected - with four days a week in the office and Fridays from home for those near one of our offices, plus team and company-wide events depending on location. Whether you're coming in regularly or are part of our fully remote program, you'll stay engaged with your work and teammates. - In-office perks including backup child, elder, and/or pet care, plus a subsidized commuter benefit to support your regular commute - Competitive salary based on experience - 401k match plus great medical, dental, vision, life, and disability benefits - Generous vacation policy and company-wide Chime Days, bonus company-wide paid days off - 1% of your time off to support local community organizations of your choice - Annual wellness stipend to use towards eligible wellness related expenses - Up to 24 weeks of paid parental leave for birthing parents and 12 weeks of paid parental leave for non-birthing parents - Access to Maven, a family planning tool, with $15k lifetime reimbursement for egg freezing, fertility treatments, adoption, and more. - In-person and virtual events to connect with your fellow Chimers-think cooking classes, guided meditations, music festivals, mixology classes, paint nights, etc., and delicious snack boxes, too! - A challenging and fulfilling opportunity to join one of the most experienced teams in FinTech and help millions unlock financial progress We know that great work can't be done without a diverse team and inclusive environment. That's why we specifically look for individuals of varying strengths, skills, backgrounds, and ideas to join our team. We believe this gives us a competitive advantage to better serve our members and helps us all grow as Chimers and individuals. Chime is proud to be an Equal Opportunity Employer. We consider qualified applicants without regard to race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, genetic information, veteran status, or any other legally protected basis under provincial, federal, state, and local laws, regulations, or ordinances. We will also consider qualified applicants with criminal histories in a manner consistent with the requirements of state and local laws, including the San Francisco Fair Chance Ordinance, Cook County Ordinance, NYC Fair Chance Act, and the LA City Fair Chance Ordinance, and consistent with Canadian provincial and federal laws. If you have a disability or special need that requires accommodation during any stage of the application process, please contact: benefits@chime.com. To learn more about how Chime collects and uses your personal information during the application process, please see the Chime Applicant Privacy Notice. Create a Job Alert Interested in building your career at Chime Financial, Inc? Get future opportunities sent straight to your email. Create alert Apply for this job - indicates a required field Quick Apply with MyGreenhouse