SecOps-Enterprise-Governance

About Finzly:

Headquartered in Charlotte, NC, and founded in 2012 by visionary minds shaping the future of banking and payments in the US, Finzly makes bank transformation radically simple. Our core-independent platform is trusted by some of the market’s leading financial institutions to transform operations and launch new products and services at speed.

We’ve been recognized with 20+ industry awards in the last two years - including three years in a row as one of the Best and Brightest Places to Work as well as accolades for Best Parallel Core Technology, Best Corporate Payments Solution, Best Payments-as-a-Service Provider, and Best Trading System. Quite simply, Finzly is known for being the best in everything we do, giving you the perfect opportunity to grow your career with impact.

About the Role:

We are a fast-growing Payment Service Provider operating a mission-critical platform on AWS Cloud. Processing millions of transactions daily, we prioritize security, compliance, and operational resilience. As we scale globally, we are strengthening our cloud security posture to meet ISO 27001 and SOC 1/2 standards.

We are seeking an experienced AWS Cloud Security & Compliance Engineer to own the security and governance of our AWS infrastructure. You will design, implement, and maintain controls that ensure least-privilege access, data protection, auditability, and continuous compliance with ISO 27001 and SOC 1/2 requirements.

This is a hands-on role combining cloud architecture, IAM governance, security automation, and compliance documentation.

Responsibilities:

AWS Security & Access Management

• 
  Design and enforce IAM policies, roles, and SCPs using the principle of least privilege.

• Implement AWS Organizations, Control Tower, and GuardDuty, Security Hub, Config, and CloudTrail for centralized governance.

• Manage MFA, SSO (AWS IAM Identity Center), and just-in-time access workflows.

• Conduct regular privilege access reviews and automate user/role lifecycle management.

Compliance & Data Governance

• 
  Lead ISO 27001 and SOC 1/2 control implementation (e.g., A.9, A.12, SC-13, PI-7).

• Own risk assessments, control evidence collection, and audit preparation.

• Develop and maintain data classification, encryption (KMS, SSE), and data residency policies.

• Ensure PCI DSS alignment for payment data flows (in-scope systems).

Security Automation & Monitoring

• 
  Build Infrastructure as Code (IaC) security using Terraform or similar tools.

• Automate compliance checks via AWS Config Rules, Security Hub, and custom Lambda scripts.

• Respond to and triage findings from GuardDuty, Inspector, Macie, and third-party scanners.

Documentation & Reporting

• 
  Maintain System Security Plan (SSP), Risk Register, and control matrices.

• Prepare audit-ready evidence (logs, configs, access reports).

• Train engineering teams on secure AWS practices.

Required Qualifications:

• 10+ years in cloud infrastructure; 5+ years in cloud security; 3+ years focused on AWS.

• Hands-on experience with:
  ✓ AWS IAM, Organizations, SCPs, KMS, CloudTrail, Config, Security Hub
  ✓ Terraform / CloudFormation for secure infrastructure
  ✓ ISO 27001 and SOC 2 control frameworks

• Active AWS certifications: Security Specialty or Solutions Architect Professional (required).

• Experience supporting external audits (SOC 2 Type II, ISO 27001).

• Strong understanding of encryption at rest/transit, network security (VPC, NACLs, WAF), and secrets management.

What We Offer:

• Full Benefits Package - medical, dental and vision coverage with HSA option

• Healthcare FSA and Dependent Care FSA

• Company-paid Life Insurance

• Company-paid Long-Term Disability

• Paid Holidays and generous Paid-Time Off

• Stock Options

• 401k Retirement Plan

• Short Term Disability, Critical Illness and Accident Insurance

• Wellness Programs including Employee Assistance Program

• Annual Cash Bonus and more!

Apply:

Interested candidates can send their resume to Finzly at careers@finzly.com