Information Security Lead


Compensation Transparency

Salary: $150,000 - $165,000

At Earned, we are committed to fair and transparent compensation. Base salary is market-driven and determined at the time of offer based on benchmarks such as role-specific market data, company stage, and factors such as internal equity, relevant experience, interview performance, location, and level.

About Earned

Earned is a category-defining, first-in-kind tax-smart financial services firm dedicated to serving doctors, their families, and their practices. Our goal is to be the only financial partner doctors need by seamlessly integrating personal and practice-based solutions to maximize their wealth potential and drive better financial outcomes.

What sets Earned apart is our strategic growth model. We have secured an initial $200M commitment to fuel an aggressive M&A strategy, acquiring and integrating best-in-class financial services firms to expand our capabilities and accelerate our vision. Backed by leading investors—including Summit Partners, Silversmith Capital, Juxtapose, Hudson Structured, and Breyer Capital—we are rapidly scaling to redefine financial services for medical professionals.

Our technology-driven approach, supported by fiduciary experts and modern tax-smart tools, ensures clients have a clear, real-time view of their financial trajectory through our iOS app and beyond. Join us as we build the future of financial services for doctors—faster, smarter, and at scale.

Job Summary

Earned is hiring an Information Security Lead to own and operate our security governance, compliance, and risk programs. This is a hands-on individual contributor role focused on building, running, and continuously improving Earned’s security control system. You will take ownership of Earned’s Written Information Security Program (WISP), ensure it is operational in practice, and lead SOC 2 readiness and audits to validate and evidence those controls.

You will partner closely with IT, Engineering, Legal, and system owners, and support security governance during acquisitions and system integrations as needed to maintain Earned’s security posture.

Key Responsibilities

• Own the WISP and security policy framework: Own and continuously improve Earned’s Written Information Security Program (WISP), including applicable jurisdiction-specific requirements (e.g., GLBA, SEC Reg S-P, state-level data security obligations), and maintain supporting security and privacy policies, standards, and procedures (access control, data handling, business continuity and incident response governance, intercompany agreements, responsible use of AI).
• Own SOC 2 delivery: Lead SOC 2 Type I readiness and audit, then operate the ongoing program to achieve and maintain SOC 2 Type II, including audit planning, evidence strategy, timelines, and direct interaction with auditors.
• Partner on control implementation: Work closely with IT and Engineering to define control requirements and verify evidence for technical and operational controls across core platforms (e.g., arenaflex 365 for corporate systems and AWS for product infrastructure), with implementation owned by those teams.
• Evidence and access reviews (SOC 2 controls): Operate the compliance cadence in Vanta, including evidence collection and periodic access reviews, and define standards for privileged access in partnership with IT.
• Risk visibility and tracking: Identify and document security and compliance risks, track remediation with control owners, and provide clear visibility into risk status and priorities for leadership.
• Vendor risk (critical vendors): Personally run security risk assessments for tier-1 vendors, including reviews, risk acceptance, and renewal cadence.
• CCPA runway: Define the program structure and readiness plan for CCPA as a medium-term initiative and partner with Legal and Operations on execution when prioritized.

Key Requirements

• Bachelor’s degree in a related field
• 5+ years of hands-on experience in GRC, security compliance, IT audit, or security program management
• Direct experience delivering or operating a SOC 2 program, including readiness, evidence, and audits
• Strong ability to translate policies into clear, implementable, and auditable controls
• Experience operating compliance programs end-to-end, including evidence systems, workflows, and issue tracking
• Strong written communication and documentation skills
• Comfortable working independently, prioritizing effectively, and driving progress through influence rather than authority

Preferred Requirements

• Experience in financial services, fintech, or similarly regulated environments
• Familiarity with GLBA, SEC Reg S-P, NIST CSF, ITGC concepts, and vendor risk practices
• Experience with Vanta
• Experience supporting security governance during acquisitions or system integrations
• Security certifications such as CISA, CRISC, or CISSP are a plus

Benefits

• An attractive total compensation package
• Employer-sponsored health insurance (medical, dental, vision)
• 401k + 5% match

Earned is committed to offering equal employment opportunity in all employment practices and employment decisions are based on an individual’s job qualifications and abilities. Earned prohibits discrimination based on race, creed, color, religion, national origin, ancestry, sex, gender (including gender identity, gender expression and being transgender), sexual orientation, marital status, registered domestic partner status, citizenship status, age, military and veteran status, medical condition, genetic information, political affiliation, disability, medical condition, or any other basis protected by federal, state, or local law or ordinance or regulation. Earned also prohibits discrimination based on the perception that anyone has any of these characteristics or is associated with a person who has or is perceived as having any of those characteristics. All such discrimination is unlawful.


Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...