Gravity Payments

Compensation

Full Description

A career with Gravity Payments is an opportunity to be on a collaborative team where creative leadership, passion for progress, and responsibility are paramount. Our team members focus and commit to providing for our clients and our community because we care deeply for others. We are seeking a seasoned leader to own our most critical trust and reliability initiatives. This role is central to our commitment to our clients, ensuring our platform is secure, compliant, and resilient. You will own our 24x7 response to incidents, drive the continuous improvement of reliability for our systems, and the programs that manage our compliance obligations. This is a high-impact, technical role for someone who is passionate about building and maintaining customer trust through operational excellence. Success in this role looks like: Within 3 months: You have taken full ownership of the incident management program, refined the on-call communication process, and are confidently leading incident response for any production issues that arise. Within 6 months: You are driving the day-to-day operations of our PCI and SOC2 programs, managing our continuous compliance platform, and are fully prepared to lead our next audit cycle with external partners. Within 1 year: Leveraging our established RTOs/RPOs, you have partnered with engineering and operations teams to architect and implement a detailed, service-by-service technical recovery plan, culminating in a successful validation of RPOs/RTOs. Core Responsibilities: Incident Response Management Lead and manage the end-to-end incident response process as the on-call Incident Manager, ensuring swift resolution and clear communication to all stakeholders. Own the post-incident lifecycle by facilitating blameless post-mortems and Root Cause Analyses (RCAs), then driving the resulting follow-up actions to prevent recurrence and achieve lasting improvements. Business Continuity and Disaster Recovery Own and advance the company's Business Continuity and Disaster Recovery (BC/DR) program, including planning, testing, and reporting on our organizational readiness. Management and Ownership of Compliance Systems Drive the maturity of our PCI DSS and SOC2 compliance programs by translating requirements into actionable engineering work and managing the collection of audit evidence. Act as a primary stakeholder for follow-up actions that affect trust and reliability, ensuring that remediation tasks and proactive reliability improvements are prioritized and executed by the appropriate engineering and operations teams. Preferred Skills: Experience working within or closely with Engineering teams in small or midsize companies, particularly those structured as multiple focused pods or teams, where cross-functional collaboration is common. Experience in the credit card payment services industry (credit card processing, acquiring, and merchant services). Exceptional leadership and communication skills, with the ability to remain calm and authoritative under high-pressure situations. A talent for influencing without direct authority in order to align teams toward common goals. A deep understanding of risk management principles and how to apply them in a technical environment. Strong organizational skills with a proven ability to manage multiple complex programs simultaneously. Leverage AI to evaluate documents, reports, find gaps, and evaluate readiness. Ability to use AI to quickly iterate on trust and reliability workflows. A continuous improvement mindset, with experience delivering iterative value on long-term programs. Experience presenting complex technical and compliance topics to both executive and engineering audiences. Technical Requirements: Direct experience with cloud-native architectures (AWS preferred)—including having managed, deployed, or been responsible for services using containerization, serverless/function-based applications, managed databases, and encryption. Able to bring operational accountability to technical discussion, drawing from practical experience. Demonstrated experience leading or coordinating incident response efforts during technology incidents or outages, including incident triage, stakeholder communication, driving team ownership, and post-incident analysis. Proven experience leading at least one full audit cycle for a major compliance framework (PCI DSS Level 1 or SOC2 Type II), including direct interaction with external auditors. Expertise in using compliance automation software (e.g., Drata, Vanta) to continuously monitor controls and streamline evidence collection, keeping us audit-ready at all times. Expert-level proficiency in configuring and managing incident management platforms (e.g., PagerDuty, Opsgenie), including the design of escalation policies, on-call schedules, and third-party app integrations. Advanced ability to query and analyze data in observability platforms (e.g., Datadog, Splunk) to create insightful dashboards, define SLOs, and identify performance trends. Working knowledge of secure SDLC practices, with the ability to participate in architecture reviews and identify risks within CI/CD pipelines and infrastructure-as-code (IaC) templates. Additional Requirements Must have access to a wired internet connection Must have access to at least a 25 megabits per second (mbps) download and 20 mbps upload speed connection Compensation: Competitive wage with Profit Sharing. Base pay without commissions and a unique opportunity to earn a share in company success. Comprehensive Benefits: Medical, dental, and vision coverage. Financial Security: 401(k) retirement plan and voluntary life insurance. Wellbeing: Time off when you need it, supporting both personal and professional sustainability. Open PTO available after one year. Career Growth: Training, mentorship, and development opportunities. Support & Stability: Short-term & long-term disability coverage and wellness resources. The salary range for this position is $128,000-182,000. We may be open to negotiating outside of this range if the desired salary aligns with the needs of the candidate and the company. Gravity Payments is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity/expression, age, disability status, protected veteran status, or any other characteristic protected by law. Gravity Payments collects and processes personal data in accordance with applicable data protection laws. If you are a California Job Applicant see the privacy notice for further details.