Earned is a category-defining, first-in-kind tax-smart financial services firm dedicated to serving doctors, their families, and their practices. Our goal is to be the only financial partner doctors need by seamlessly integrating personal and practice-based solutions to maximize their wealth potential and drive better financial outcomes. Our technology-driven approach, supported by fiduciary experts and modern tax-smart tools, ensures clients have a clear, real-time view of their financial trajectory through our iOS app and beyond. Our offering is differentiated and superior, and it creates deep connections with our clients.
What further sets Earned apart is our strategic growth model. We have secured an initial $200M commitment to fuel an aggressive M&A strategy, acquiring and integrating best-in-class financial services firms to expand our capabilities and accelerate our vision. Backed by leading investors—including Summit Partners, Silversmith Capital, Juxtapose, Hudson Structured, and Breyer Capital—we are rapidly scaling to redefine financial services for medical professionals.
Join us as we build the future of financial services for doctors—faster, smarter, and at scale.
Job Summary
We’re looking for a proactive Information Security Lead who’s ready to elevate and champion our security, compliance, and risk programs. As the first expert dedicated to information security at Earned, you’ll partner with teams across IT, Engineering, and Operations to shape strong controls, smart policies, and a resilient security foundation. Your leadership will have a direct and lasting impact on Earned’s security posture and readiness.
Key Responsibilities
Lead and support SOC 2 Type I & II, SEC S-P, ISO 27001, and CCPA initiatives, including leading engagements with external firms and consultants as necessary.
Maintain and enhance core security and compliance policies (WISP, CDISP, Access, Privacy, Intercompany Agreements).
Inform and lead the implementation of data and other access permissions consistent with security and compliance policies in close partnership with engineering.
Develop scalable, repeatable processes to unify acquired firms into Earned’s security and compliance program.
Conduct risk assessments and maintain a shared risk register with remediation tracking.
Support identity and access governance (MFA/SSO reviews, onboarding/offboarding, quarterly access reviews).
Run vendor risk assessments for new and renewing vendors.
Manage evidence collection, asset inventory, and security compliance platforms such as Vanta or Drata.
Assist with incident documentation, timelines, and corrective actions.
Key Requirements
Bachelor’s degree in a relevant field
5+ years in GRC, IT audit, security operations, or compliance
Experience in organizations scaling through both organic and inorganic (M&A) growth
Familiarity with HITRUST, SOC 2, SEC S-P, NIST CSF, ITGC, and vendor risk frameworks
Experience designing and implementing scalable evidence systems, compliance workflows, metrics pipelines, and exception processes
Ability to integrate GRC systems with cloud and SaaS environments for automated evidence collection and continuous monitoring
Strong documentation, organization, and communication skills
Ability to work independently in a fast-paced, small-team environment
Preferred Requirements
Experience in financial services or highly regulated environments
Exposure to Vanta, Drata, or Archer
Experience supporting M&A-driven security assessments
An attractive total compensation package
Employer-sponsored health insurance (medical, dental, vision)
401k + 5% match