RiskExec

Senior GRC Manager

About RiskExec

RiskExec is a rapidly growing SaaS company that delivers a best-in-class compliance analytics and reporting platform to help financial institutions and lenders comply with key government regulations and unlock new growth opportunities.


Working at RiskExec

At RiskExec, we’re building a world class Compliance and Business Intelligence Platform trusted by regulated financial institutions including banks, credit unions, and fintech lenders. We help our clients confidently navigate complex regulatory requirements while achieving business growth. Our high-performing team thrives in a dynamic, fast-paced environment that requires maximum professionalism, flexibility, and responsiveness. We value driven individuals who embrace ownership and accountability, excel at collaborating closely with teammates, and dedicate themselves fully to delivering exceptional outcomes. As an entrepreneurial organization, the demands of our business don’t always fit into a “traditional 9-5” schedule. 

The Opportunity

RiskExec sells into banks and credit unions that expect disciplined governance, provable controls, and rapid, defensible responses to vendor risk scrutiny. This role exists now because we need a single owner accountable for the governance system that underpins trust: how policies are set and maintained, how risks are recorded and adjudicated, how controls stay effective, and how we prove it—fast.


You will own our SOC 2 program, enterprise due diligence execution, and Trust Center, while also operating as the company’s governance lead: turning “security and compliance” into an operating system with clear decision rights, measurable outcomes, and audit-grade traceability. You will use AI as leverage to reduce cycle time, improve consistency, and keep RiskExec continuously ready.


We are prioritizing candidates in the Washington, DC, Chicago, and Knoxville areas. We will consider candidates based in the United States (remote) in the ET and CT time zones.


What You Will Do

What you will own:

  • Governance system ownership: the structure, cadence, and decisioning for risk, controls, policies, exceptions, and accountability (including executive-level reporting).
  • Risk management operating rhythm: risk register quality, risk acceptance workflows, exception handling, and control ownership clarity across the org.
  • SOC 2 end-to-end ownership: readiness, evidence strategy, auditor management, remediation tracking, and year-round audit posture.
  • Vendor risk & due diligence execution: DDQs/SIGs, procurement security reviews, customer risk calls, and follow-up threads that unblock revenue.
  • Trust Center as a product: content strategy, publishing governance, accuracy guarantees, and ongoing maintenance tied to real architecture and controls.
  • Compliance proof library: a centralized, version-controlled repository of reusable, bank-ready narratives and evidence with clear freshness/expiry rules.
  • AI-enabled compliance operations: the workflows, controls, and QA process that make AI output reliable, repeatable, and audit-aligned.

How You Will Drive Impact

You will build a governance-and-compliance engine that runs on cadence, not heroics:

  • Governance cadence:
    • Weekly: evidence/control hygiene and deal support triage
    • Monthly: risk register updates, vendor reviews, and exception log review
    • Quarterly: control effectiveness reviews, policy refresh cycles, executive readouts
    • Pre-audit: a defined sprint with zero scrambling because the system is already current
  • Decision authority (explicit):
    • Set the standard for what RiskExec can claim externally, and stop claims that aren't provable.
    • Require remediation plans with owners/dates for control gaps.
    • Own the risk acceptance workflow and escalate material risks to exec leadership with recommendations.
  • AI is part of the operating model (expected outcomes):
    • Build AI-assisted DDQ/SIG response workflows that pull from approved internal sources and the proof library.
    • Use AI to draft/refresh policies and control narratives, then apply human review and audit alignment checks.
    • Automate evidence summaries, Trust Center updates, and change-detection prompts tied to product/infra changes.
    • Establish guardrails: source-of-truth requirements, red-team review for hallucination risk, and version control.
  • Success metrics (measured outcomes):
    • SOC 2: on-time milestones, evidence completeness, remediation cycle time, reduction in audit findings
    • Due diligence: turnaround time, follow-up volume reduction, win-rate impact in security reviews
    • Governance: risk register accuracy, exception aging, control ownership clarity, policy freshness SLAs
    • Trust Center: content freshness, adoption/usage, reduction in repetitive customer questions

Cross-Functional & Executive Interfaces

You will partner closely with:

  • Executive leadership: governance reporting, material risk escalation, risk acceptance recommendations, audit readiness status.
  • Engineering / DevOps / Security: control design reality, evidence automation, SDLC controls, incident response, and architecture narratives.
  • Sales / Solutions / CS: deal acceleration via clear, consistent, defensible answers; customer risk calls.
  • Legal: external claims, DPAs, subprocessor disclosures, contractual security terms.
  • People Ops / Finance / IT Ops: HR controls, onboarding/offboarding, asset management, vendor governance inputs.

Natural tensions you will manage: sales urgency vs provable posture, engineering velocity vs control stability, and "marketing language" vs audit-grade truth.


Qualifications

Required

  • 4–7+ years in GRC, IT Audit, Vendor Risk, or InfoSec Compliance in SaaS / fintech / regulated environments.
  • Owned at least two SOC 2 audits (Type I and/or Type II) end-to-end, including auditor interaction and remediation management.
  • Can lead bank/credit union vendor risk conversations with confidence; can explain controls and architecture without hand-waving.
  • Practical familiarity with SOC 2 and mapping concepts across NIST / CIS / ISO 27001 / GLBA.
  • Strong writing and structured thinking: you produce concise, defensible responses that survive scrutiny.
  • Governance ownership experience: you’ve built or run policy/control/risk governance with real cadence, decision rights, and traceability.

Preferred

  • Certifications: CISA, CISM, CISSP, CRISC, CCSK.
  • Trust Center ownership experience (security portal, content governance, publishing workflows).
  • Familiarity with Azure and cloud control evidence patterns.
  • Experience in high-expectation buyer environments (banks, credit unions, regulated fintech).

Skills & Attributes

  • Governance-first mindset: you turn ambiguity into clear decision rights, operating cadence, and accountability.
  • Speed with precision: fast turnaround without inventing facts or degrading audit posture.
  • AI-native execution with guardrails: you leverage AI aggressively, but validate like an auditor and publish like a security leader.
  • Systems builder: you reduce repeat work through libraries, automation, and disciplined versioning.
  • Executive-grade communication: crisp updates, clear escalation, recommendations—not noise.


Why Join Our Team?

  • You'll join at a true inflection point, with the opportunity to define the next-generation operating model and leave a lasting imprint on how the company scales
  • You'll contribute to a growing, purpose-driven fintech product making compliance easier and fair lending more transparent
  • You'll work with modern tools and frameworks in a supportive, learning-focused environment
  • You'll have the opportunity to shape how we scale our technology, modernize legacy systems, and innovate for the future
  • You'll join a collaborative team that values ownership, integrity, and continuous improvement
  • You'll receive a competitive compensation and benefits package, including health, dental, vision, and 401(k) with company match


RiskExec's Core Values

WE PUT CUSTOMERS FIRST — We keep our clients at the heart of everything we do. We build strong, trusting partnerships by prioritizing open communication and responsiveness, ensuring our platform always aligns with their needs. Their success is our shared commitment.

WE INNOVATE WITH PURPOSE — We build thoughtful, high-quality solutions that deliver maximum impact, strategically crafted to solve complex challenges with a best-in-class, evolving platform.

WE ARE FAST — We deliver with speed and precision, acting quickly and nimbly without ever sacrificing accuracy. 

WE ACT WITH INTEGRITY — We believe open honesty is the foundation of every strong relationship. We aim to build trust in every interaction, fostering reliable partnerships with our clients and within our team. 

WE SUCCEED TOGETHER — We believe our collective strength drives our success. We move forward as one team, valuing diverse perspectives and fostering a culture of continuous learning and bold ideas to elevate each other.

WE GROW AS A TEAM — We embrace every challenge as an opportunity to improve. When we fall short, we fix issues collaboratively, and prioritize solutions over blame.

Engineering

Remote (Knoxville, Tennessee, US)

Remote (Washington, District of Columbia, US)

Remote (Chicago, Illinois, US)

Remote (United States)
