Information Security Analyst

About the Company

Valon is building the AI-native operating system for regulated finance, starting with mortgage servicing.

We're a Series C company backed by a16z, transforming industries that others have written off as too complex to innovate.

Rather than build on top of broken legacy systems, we took a different approach: we built and operate our own mortgage servicing business managing $110+ billion in loans. This wasn't the end goal, it was how we deeply understood the complexity needed to build software that actually works in regulated industries.

The results speak for themselves. We've transformed mortgage servicing from a 0% margin business into 60%+ margins while dramatically improving customer experience. Major enterprise contracts are now deploying across the industry.

ValonOS is our unified platform that makes every process structured and programmable and it is perfectly positioned for the AI era. When everything flows through one system with rich data, AI agents don't just automate tasks, they continuously improve entire operations. Mortgage servicing is just the beginning of our vision to transform regulated industries and beyond.

About the Team

Our customers entrust us with some of their most sensitive and personal financial information, and it is the ultimate mission of Valon’s Security team to ensure we have sound programs, processes, and automation in place to safeguard our customers’ data. The Security team protects the infrastructure and data for processing billions of dollars of mortgage loans. We work cross-functionally with product, engineering, IT, legal, and more to enable security throughout the organization and engage with internal and external assessors to continuously evaluate Valon’s security posture.

About the Role

We are seeking a motivated Information Security Analyst to join our growing team! As a key security member at Valon, you will play a critical role in ensuring the security of our organization's systems, cloud infrastructure, products and data. This role will be working closely with the CISO and the Security team, and is responsible for ensuring the company’s technical controls meet security compliance requirements, managing risks and remediation, supporting operational and monitoring efforts, and driving program management activities. The ideal candidate has a strong foundation in security principles, an eye for detail, a proactive approach to problem-solving, and the ability to collaborate with cross-functional teams to ensure we protect our most critical assets to uphold trust with our customers and stakeholders.

Responsibilities

• Assist in implementing and maintaining compliance with frameworks (SOC 2, NIST CSF, CIS) and regulatory requirements (NYDFS, GLBA, Safeguards, CCPA and related)

• Support internal and external security audits and exams, including evidence gathering and remediation tracking

• Review, manage, and monitor security policies for compliance

• Manage and coordinate remediation for vulnerability, security, and compliance issues across stakeholders

• Conduct security risk assessments and monitoring

• Support on-call and operational security activities including monitoring security alerts, investigating incidents, vendor security reviews, security awareness and training, and other tasks

• Manage and track security metrics, KPIs and reporting

• Manage security policies, standards, and procedures

• Maintain customer facing security documentation and informational assets  

Ideal Background

• Proven experience in a security analyst related role, with a focus on security compliance, issue  management, vulnerability management, and/or security program management.

• Experience with security and compliance frameworks and requirements (OWASP, SOC 2, NIST, ISO, CIS, etc.)

• Basic knowledge of cloud security and public cloud environments 

• Ability to work autonomously, be agile, and balance multiple projects and operational efforts

• Self-starter that is eager to learn and support across diverse areas

• Ability to foster strong relationships and partner with stakeholders to drive results

• Excellent communication and collaboration skills, with the ability to explain security concepts to technical and non-technical stakeholders

• Strong organization and project management skills

• Experience or exposure to startup environments is a plus

• Experience or exposure to financial services, banking or fintech organizations is a plus

Minimum Qualifications

• Minimum of 2-3 years as a security analyst or security program manager with relevant responsibilities and background

• Bachelor's degree in Computer Science, Information Security, Technology, or a related field

• Relevant security certifications based on career experience (CompTIA Security+, CC, SSCP or related), or seasoned career level (CISSP, CISM, CRISC or related)

• Experience with security compliance frameworks and risk assessments

• Experience with operational activities including issue management, security reviews, control monitoring, incident management, and reporting

Benefits

• Base Compensation Band: $100,000-$125,000. Base salary offered is determined by a number of factors including the candidate’s experience, qualifications, and skills

  • This Base Compensation pay range applies to our New York City located staff and may differ according to location.

• Compensation: Competitive salary with a meaningful stake in the company via equity, and 401k plan 

• Health & well-being: We’ll invest in your physical and mental well-being with comprehensive medical, dental, & vision benefits

• Commuter benefits: We offer pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient

• Grow together: Company wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360 degree feedback

• Play together: Quarterly budgets for team and company outings. Use it for team swag, cooking classes, or team dinners!

• Generous time off: Flexible paid time off, sick days, and 11 company holidays 

• Baby bonding time!: 12 weeks off for both birthing and non-birthing parents - fully paid so you can focus your energy on your newest addition

Location: US (Remote) or NYC office (Hybrid - onsite) 

Throughout the interview process, please remember that emails will only be from valon.com emails. We won't ever be asking for any personally identifiable information during the interview process itself. Please reach out to [email protected] if you have any requests to verify the authenticity of an outreach.

Valon is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. Valon makes hiring decisions based solely on qualifications, merit, and business needs at the time.