Senior Security Analyst, Customer Assurance

We believe that the way people interact with their finances will drastically improve in the next few years. We’re dedicated to empowering this transformation by building the tools and experiences that thousands of developers use to create their own products. Plaid powers the tools millions of people rely on to live a healthier financial life. We work with thousands of companies like Venmo, SoFi, several of the Fortune 500, and many of the largest banks to make it easy for people to connect their financial accounts to the apps and services they want to use. Plaid’s network covers 12,000 financial institutions across the US, Canada, UK and Europe. Founded in 2013, the company is headquartered in San Francisco with offices in New York, Washington D.C., London and Amsterdam.

About the Team:

The Security Governance, Risk, and Compliance team is part of Plaid’s security organization, focused on enabling the business by proactively managing information security risks and maintaining effective controls. Our mission is to reduce the likelihood and impact of security risks while operating a robust assurance program that builds trust with our customers, consumers, and data partners. We partner closely across the company to ensure Plaid’s platform remains secure, resilient, and aligned with industry and regulatory expectations. The Security Contracts workstream is a core part of our Security Assurance program, ensuring Plaid’s contractual security obligations with customers and data partners are defensible, consistent, and never a bottleneck to deal velocity, all while building trust.

You’ll be the direct owner of Plaid’s Security Contracts workstream, responsible for how security contract reviews get done, how quickly they move, and how the program improves over time. You’ll review security provisions in customer MSAs, DPAs, and security addenda, identify unacceptable clauses, and provide Legal and GTM with clear, actionable feedback that helps move deals forward. You’ll also build the playbooks, processes, and program infrastructure that make the workstream scalable, use data and pattern analysis to proactively reduce friction, and operate as an AI power user to maximize throughput. Beyond contracts, you’ll support broader Security Assurance work by responding to customer security questionnaires and joining external audit calls with customers and data partners.


Responsibilities

  • Lead security contract reviews across customer MSAs, DPAs, security addenda, and security exhibits by identifying unacceptable clauses, forming a clear security position, and providing Legal with actionable feedback they can take directly into negotiations.

  • Design and own the end-to-end Security Contracts program infrastructure, including intake processes, tiered SLAs, security positions runbooks, and handoff protocols with Legal and GTM.

  • Track security contract asks across deals, identify recurring patterns, and determine whether they represent gaps in Plaid’s program or non-standard customer requests.

  • Assess feasibility and propose recommendations to leadership when recurring asks point to program gaps, and codify existing capabilities into standard security addenda where appropriate to reduce future negotiation cycles.

  • Join customer and data partner calls as Plaid’s security subject matter expert, building trust through patient, clear, and collaborative communication.

  • Define KPIs, build dashboards, and deliver regular reporting on program health to Security and GTM leadership, including visibility into deal friction, SLA adherence, and improvement opportunities.

  • Build and scale AI-assisted workflows for security assurance, contract review, questionnaire completion, clause library maintenance, pattern analysis, and reporting.

  • Support customer security questionnaires and external audit calls with customers and data partners, ensuring Plaid presents a consistent and credible security posture across customer-facing assurance activities.

Qualifications

  • 6+ years of experience in security assurance, security GRC, security compliance, or a related information security role with meaningful ownership of customer- or partner-facing security workflows.

  • Security contract review and negotiation:

    • Experience reviewing security provisions in MSAs, DPAs, and security addenda — and translating that expertise into clear positions Legal can take directly into negotiations.

    • Deep familiarity with common security clause types: e.g. incident notification windows, audit rights, encryption requirements, subprocessor obligations, data retention, and penetration testing provisions.

    • Ability to translate a company's security posture and risk appetite into clear, defensible contract positions and hold those positions through multiple negotiation cycles.

    • Experience representing a company's security program directly to customers and financial institution partners on calls — fielding questions about security controls, compliance posture, and contractual obligations.

  • Security Compliance and regulatory knowledge:

    • Working knowledge of SOC 2, ISO 27001, NIST CSF, PCI DSS, GLBA, GDPR/CCPA, NIST 800-53, etc.

    • Deep understanding of what "standard" security contract language looks like in fintech and banking agreements.

    • Prior experience in fintech, payments, or financial services — you understand the security expectations of data partners and regulated entities, and know how to navigate those relationships with the patience and credibility they require.

  • Program design and operational maturity:

    • Experience building security assurance programs — designing intake processes, tiered SLAs, escalation paths, and runbooks, not just executing within existing ones.

    • Strong analytical skills: ability to identify patterns across a high volume of security contract asks, track pushback rates and cycle counts, and translate findings into process improvements.

    • Experience with metrics ownership: defining KPIs, building tracking infrastructure, and reporting on program health to cross-functional stakeholders.

  • Communication and cross-functional effectiveness:

    • Exceptional written and verbal communication skills — precise enough for Legal to use your positions to draft language, clear enough for a Sales rep to use in a customer call.

    • Experience working directly with Legal and GTM teams as a security subject matter expert.

    • Experience driving customer and data partner calls involving security.

  • AI fluency and tooling:

    • Demonstrated ability to build and scale AI-assisted workflows — applies AI tooling to Security Assurance activities like contract review, questionnaire completion, clause library maintenance, pattern analysis, and reporting to materially increase throughput.

    • Shares what works with the broader team; approaches AI as a force multiplier for the function, not just a personal productivity tool.

Nice to have:

  • Experience redlining security contract language directly, beyond providing advisory feedback.

Our mission at Plaid is to unlock financial freedom for everyone. To support that mission, we seek to build a diverse team of driven individuals who care deeply about making the financial ecosystem more equitable. We recognize that strong qualifications can come from both prior work experiences and lived experiences. We encourage you to apply to a role even if your experience doesn't fully match the job description. We are always looking for team members that will bring something unique to Plaid!

Plaid is proud to be an equal opportunity employer and values diversity at our company. We do not discriminate based on race, color, national origin, ethnicity, religion or religious belief, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, military or veteran status, disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state, and local laws. Plaid is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance with your application or interviews due to a disability, please let us know at accommodations@plaid.com.

Please review our Candidate Privacy Notice here.

Additional compensation in the form(s) of equity and/or commission are dependent on the position offered. Plaid provides a comprehensive benefit plan, including medical, dental, vision, and 401(k). Pay is based on factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience and skillset, and location. Pay and benefits are subject to change at any time, consistent with the terms of any applicable compensation or benefit plans.