Position Overview
We are seeking a talented and experienced GRC Senior Manager to lead our security and compliance functions. This role will involve strong cross-functional collaboration and offers the opportunity to contribute to a culture of innovation in the peer-to-peer lending industry. If you are passionate about Governance, Risk, and Compliance (GRC) and excited to shape our practices, we would love to hear from you!
Key Responsibilities
- Develop and manage our GRC strategy, overseeing risk, control, and compliance activities.
- Establish key performance indicators (KPIs) and metrics to measure the effectiveness of the GRC program.
- Lead PCI-DSS compliance assessments, including readiness and external attestation.
- Oversee the Risk Management Program, including planning and coordinating risk assessments (NIST CSF, CIS).
- Ensure compliance with certifications such as SOC1/SOC2 Type II and other external IT audits.
- Drive remediation of process and control deficiencies and improvements identified internally and externally.
- Conduct third-party cyber risk assessments and manage vendor cybersecurity reviews.
- Lead the Security Awareness Program, including phishing simulation campaigns and security awareness training.
- Take ownership of documentation processes and assist with developing and maintaining policies, guidelines, standards, and processes.
- Collaborate with both technical and non-technical teams, including Engineering, HR, Legal, and Compliance.
- Build and automate processes to ensure continuous compliance within the technology environment.
- Develop and maintain strong, collaborative relationships with stakeholders across all levels of the organization.
- Assist with responding to privacy and security compliance requests from regulators, partners, and vendors.
- Lead a team of senior GRC analysts.
- Support the preparation of regular and ad-hoc risk reports for ERM governance, boards, and other relevant stakeholders.
Qualifications
- 4+ years of direct management experience.
- 10+ years of experience in IT compliance and risk management, with familiarity in PCI-DSS, SOC 1/2, NIST CSF, etc.
- Excellent written and verbal communication skills, with the ability to tailor communication to different audiences.
- Experience with cloud environments.
- Strong project management and process improvement skills.
- Ability to work effectively with both technical and non-technical resources.
- Self-directed and capable of working with minimal guidance.
- Experience with CCPA is preferred.
- Relevant certifications such as CISSP, CISA, or CRISC are preferred.
Compensation
The salary ranges from $180,000 to $247,000 annually, plus bonus and a comprehensive benefits package. Salary considerations will include your location, experience, and relevant factors.
About Our Technology Team
Our expanding Technology team values passion for the Fintech domain and is committed to delivering innovative, high-quality solutions. We embrace a progressive, test-driven Agile development methodology emphasizing communication, teamwork, sound design, and clean implementation.
Our Culture
We foster an inclusive and diverse workplace where everyone is respected and has equal opportunities. We believe in the power of new ideas and seek individuals who align with our vision and values. Join us to advance financial well-being and create exceptional experiences for our customers.
Our Values
- Diversity: Expanding opportunities.
- Collaboration: Creating better solutions.
- Curiosity: Fueling innovation.
- Integrity: Defining all relationships.
- Excellence: Leading to longevity.
- Simplicity: Guiding our user experience.
- Accountability: Driving results.
We encourage you to apply even if your experience doesn’t match the job description perfectly. Your unique skills and perspectives are valuable to us, and we welcome individuals who think creatively and challenge the status quo.
Equal Opportunity Employer
We are an equal opportunity employer committed to a diverse and inclusive workplace. All employment decisions will be based on merit and business needs, without discrimination based on any status protected by law. We will consider qualified applicants who are non-US citizens and provide green card sponsorship.
Employment Type: Full-Time