Governance, Risk and Compliance Manager / Lead

About Clear Street: 

Clear Street is modernizing the brokerage ecosystem. Founded in 2018, Clear Street is a diversified financial services firm replacing the legacy infrastructure used across capital markets. 

We started from scratch by building a completely cloud-native clearing and custody system designed for today’s complex, global market. Our platform is fully integrated with central clearing houses and exchanges to support billions in trading volume per day. We’ve agonized about our data model abstractions, created horizontal scalability, and crafted thoughtful APIs. All so we can provide a best-in-class experience for our clients. 

By combining highly-skilled product and engineering talent with seasoned finance professionals, we’re building the essentials to compete in today’s fast-paced markets.

About the Role

We are a fast-growing fintech company seeking a proactive and highly organized Governance, Risk, and Compliance (GRC) Manager to join our Security & Compliance team. This individual will play a key role in establishing, maturing, and maintaining our governance and risk management frameworks, ensuring ongoing compliance with regulatory, customer, and industry requirements.

The ideal candidate is hands-on, detail-oriented, capable of owning cross-functional initiatives, and comfortable operating in a dynamic startup environment.

Key Responsibilities

Governance & Policy Management

• Develop, maintain, and manage the company’s security and compliance policy framework.
  
  
• Ensure policies are current, properly communicated, approved, and effectively implemented across the organization.
  
  
• Oversee periodic reviews of all internal policies to ensure alignment with regulatory changes, industry best practices, and contractual obligations.
  
  
• Educate teams on policy requirements and drive adherence across the organization.
  
  

Risk Management

• Build, implement, and continuously refine the company’s cyber security risk management framework.
  
  
• Lead risk identification, assessment, scoring, and periodic re-evaluations for technical and non-technical risks.
  
  
• Maintain the corporate risk register.
  
  

Audit & Compliance

• Manage all internal and external audits including SOC 2, ISO 27001, regulatory exams, and customer due-diligence requests.
  
  
• Coordinate and prepare audit evidence, ensuring controls are well-designed and operating effectively.
  
  
• Serve as the primary liaison with external auditors, security assessors, and regulatory bodies.
  
  
• Track audit findings, remediation tasks, and ensure timely closure of identified gaps.
  
  
• Oversee internal compliance testing and continuous monitoring activities.
  
  

Control Framework & Assurance

• Maintain and improve the company’s control inventory aligned with frameworks such as SOC 2, ISO 27001, NIST, PCI, GDPR, etc.
  
  
• Partner with engineering, IT, product, and business teams to ensure controls are implemented and validated.
  
  
• Drive improvements to operational processes to strengthen our compliance posture.
  
  

Qualifications

Required

• 7+ years of experience in GRC, security compliance, risk management, or related functions.
  
  
• Strong understanding of common security frameworks (SOC 2, ISO 27001, NIST CSF, PCI-DSS).
  
  
• Experience managing audits end-to-end.
  
  
• Demonstrated ability to build and maintain governance processes and cross-functional compliance programs.
  
  
• Excellent documentation, communication, and stakeholder-management skills.
  
  
• Experience in technology, fintech, financial services, or other highly regulated industries.
  
  

Preferred

• Experience working in a startup or high-growth environment.
  
  
• Familiarity with GRC platforms (e.g., Vanta, Drata, Tugboat, ServiceNow GRC).
  
  
• Understanding of relevant regulatory requirements (e.g., GLBA, SOX, GDPR, PSD2, NYDFS 500).