Security and Compliance Manager

Job in Denver, Denver County, Colorado, 80285, USA
Listing for: Givebutter
Full Time position
Listed on 2026-06-18
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 150,000 - 200,000 USD yearly
Job Description & How to Apply Below

Role Description

Givebutter is hiring a Security & Compliance Manager to own Givebutter's security function. Your primary mandate is to further harden our critical systems, codify our security roadmap, and implement controls in close partnership with our Product, Design & Engineering (PDE) team. You will also own our certification program (SOC 2, and eventually ISO 27001) and assist with licensing and registration compliance across all US jurisdictions.

This is a hands‑on, high‑autonomy role for someone who has lived through the security challenges of a growth‑stage fintech and knows what it takes to build real defenses, not just check boxes. You will report directly to the General Counsel and work cross‑functionally with PDE, Trust & Safety, IT, and Finance.

We Want To Hear From People Who
  • Have 7+ years of experience in information security, security engineering, GRC, or a related field, with at least 4 years in a fintech, payments, or financial services environment.
  • Have hands‑on experience hardening production systems at a growth‑stage company, not just writing policies about them.
  • Possess deep working knowledge of SOC 2, PCI DSS, and at least one additional framework (NIST CSF, CIS Controls, ISO 27001).
  • Understand modern AI‑era threat vectors and can articulate a defensive strategy against them.
  • Have technical fluency: you can read a cloud infrastructure diagram, understand why a GitHub permissions model matters, evaluate a pen test report, and translate all of it into actionable guidance for engineering teams.
  • Have managed GRC tools hands‑on (Vanta, Drata, Secureframe, or similar) and driven remediation workflows to closure, not just monitored dashboards.
  • Have led external audits end‑to‑end: auditor relationships, evidence collection, findings remediation, and board‑level reporting.
  • Can build programs, not just maintain them: you thrive in environments where the playbook doesn't exist yet and you need to write it.
  • Communicate complex security and regulatory topics in plain language to non‑technical stakeholders.
  • Have strong judgment about when to elevate, when to act independently, and when to push back.
Bonus Points
  • CISSP, CISM, CISA, or CEH certification.
  • Familiarity with AI security frameworks: NIST AI RMF, MITRE ATLAS, OWASP AI Security and Privacy Guide.
  • Experience with BSA/AML program design, SAR filing, or OFAC sanctions screening.
  • Experience managing bank partner or sponsor bank compliance relationships.
  • Familiarity with Stripe's platform, APIs, and compliance tools.
  • Prior experience at a company operating in the charitable giving, nonprofit, or crowdfunding space.
  • Experience with state charitable fundraising platform/solicitation registration requirements.
  • Track record of building compliance or security programs at a Series A through Series D stage company.
  • CAMS or CRCM certification.
Responsibilities

Security Roadmap & Systems Hardening
  • Codify and execute the security roadmap for the organization, prioritizing the further hardening of critical systems (payment infrastructure, donor data stores, authentication flows, API integrations) and ensuring compliance with applicable laws (e.g., data privacy and security).
  • Partner directly with PDE leadership to embed security controls into the development lifecycle: threat modeling, secure code review, vulnerability management, and CI/CD pipeline security tooling (SAST, DAST, SCA).
  • Own the security incident response plan end‑to‑end: detection, containment, investigation, notification, remediation, and post‑incident review.
  • Work with IT to drive identity and access management improvements, including role‑based access controls, MFA enforcement, endpoint security, and session management.
  • Develop a deep understanding of fraud vectors in the fundraising and payments space—stolen cards, synthetic identities, friendly fraud, campaign abuse—and help build systems that adapt as threats evolve.
  • Manage vendor security risk assessments for third‑party tools, integrations, and sub‑processors, with continuous monitoring rather than annual check‑ins.
  • Own the penetration testing program: vendor relationships, testing cadence, findings translation into engineering tickets, and…