InfoSec Governance, Risk, and Compliance Manager

Risk San Francisco, California


Description

SoFi is seeking an experienced InfoSec Manager to assist in all aspects of our governance, risk and compliance program. This role will report to the Director of Information Security and work with cross-functional teams and external parties to support compliance, risk management and business development activities.

At SoFi, you’ll become part of a new kind of finance company whose ambition is to help our members achieve financial independence and reach their goals. We aim to be at the center of our members’ financial lives, and to help every member get their money right. We created student loan refinancing, addressing the biggest financial challenge of a new generation through a modern approach to lending and personal finance. Next we expanded our products and services across loans, wealth management, and insurance. SoFi Money—a modern take on a checking or savings account--is our newest innovation and disruption to the financial services industry. SoFi has achieved significant growth, with ambitious plans ahead, but to continue this growth we need great talent. And that starts with you.

Responsibilities

  • Manage and own major GRC-focused initiatives from beginning to end with minimal supervision.
  • Assess and track compliance with regulatory and legal requirements relevant to the SoFi business such as GLBA, FINRA, CCPA, NYDFS, Colorado Security Act and contractual commitments.
  • Coordinate 3rd party audits of SoFi including SOC 1, SOC 2 and PCI DSS.
  • Drive privacy and information security training and awareness.
  • Support security and privacy incident response. Coordinate recovery and remediation activities.
  • Maintain information security and privacy policies and procedures.
  • Work as an advisor to the business areas to plan for vendor solutions for managing the information security risk.
  • Support risk assessments related to new product development.
  • Lead the escalation and resolution of risk and compliance issues including business, security, privacy, legal, compliance and IT teams.
  • Develop and deliver meaningful security dashboards and reports to a wide audience demonstrating our current program state and adherence to frameworks and standards. 
  • Work closely with GRC Director towards overall program rollout and providing risk-based operational metrics/management support.

Minimum qualifications

  • BS degree in Computer Information Systems or related field
  • 5+ years of experience in compliance, privacy and/or security risk management
  • Strong leadership skills
  • Experience with business continuity planning and testing, as well as third-party security management
  • Familiarity with U.S privacy regulations, SSAE18 SOC1/SOC2 and standards such as NIST and PCI
  • Familiarity with GRC tool
  • Experience with process definition, process improvement and metrics
  • Self-starter with strong interpersonal and communication skills
  • Demonstrate ability to assimilate new knowledge quickly
  • Comfortable working in a fast-paced, dynamic environment

Preferred qualifications

  • MS in Management or MBA desired
  • Big 4, or management/IT consulting experience
  • Practical experience implementing GRC
  • Experience with vendor risk management
  • CISSP, CISM, CISA, CIPP or similar certifications
  • Experience leading security or privacy training courses

Benefits

  • Subsidized lunches, a fully stocked kitchen, and subsidized gym membership.
  • Competitive salary packages and bonuses.
  • A flexible vacation policy allows you to truly relax and reboot. 
  • Comprehensive health, vision, dental, and life insurance as well as disability benefits.
  • 100% of health, vision, and dental premiums paid by SoFI for employees and their dependents. 
  • 401(k) and education on retirement planning. 

  • Tuition reimbursement on approved programs, up to $5,250 a year.
  • Monthly contribution to help you pay off your student loans.

#LI-KH2