GRC Specialist

At Lendbuzz, we believe financial opportunity should be more personalized and fair. We develop innovative technologies that provide underserved and overlooked borrowers with better access to credit. From our employees to our dealers, partners, and borrowers, we’ve built a company and a culture around a resolute belief in the promise and power of diversity. We value independent and critical thinking.

We are seeking a dedicated Security GRC (Governance, Risk, and Compliance) Specialist to join our security team. The ideal candidate will play a critical role in managing our organization's security governance, risk management, BCP, and compliance efforts. This role involves implementing and maintaining security frameworks, managing security risks, ensuring compliance with relevant standards, and promoting security awareness across the organization.

Key Responsibilities:

• Develop and implement security policies, procedures, and standards in line with industry best practices
• Ensure security governance processes align with organizational goals and regulatory requirements
• Lead the development, implementation, and maintenance of the organization's Business Continuity Planning (BCP) to ensure operational resilience during disruptions, while coordinating with key stakeholders for risk assessments and recovery strategies
• Identify, assess, and manage security risks across the organization
• Develop and maintain a comprehensive risk management program, including risk registers and mitigation plans
• Manage the third-party security risk management program, including conducting vendor assessments and ongoing monitoring.
• Work with cross-functional teams to ensure that risks are effectively managed and mitigated
• Ensure the organization complies with relevant security standards and frameworks, such as SOC 2, ISO 27001, NIST, etc
• Lead efforts to achieve and maintain necessary security certifications
• Provide support during internal and external audits, including preparing necessary documentation and coordinating with auditors
• Address audit findings and implement corrective actions to improve security posture
• Design and implement security awareness programs to educate employees on security best practices
• Conduct regular training sessions and awareness campaigns to promote a security-conscious culture

Qualifications:

• 3+ years of experience in a GRC role, with a focus on security governance, risk management, and compliance
• Strong knowledge of security frameworks and standards such as SOC 2, ISO 27001, NIST, and others
• Experience with security audit processes and supporting external audits
• Experience in Business Continuity Planning (BCP) or Disaster Recovery (DR) strategies, including risk assessments, business impact analysis, and continuity plan development across diverse organizational functions
• Excellent communication skills, with the ability to effectively convey complex security concepts
• Relevant certifications (e.g., CISSP, CISM, CRISC, CISA) are highly desirable
• Strong analytical and problem-solving skills
• Ability to work independently and prioritize multiple tasks
• Attention to detail and a proactive approach to identifying and mitigating risks
• Excellent organizational skills and ability to manage complex projects
• Strong interpersonal skills and the ability to collaborate across teams

What we offer:

- A culture that values product ownership, collaborative architectural planning, and building wins for your resume/portfolio as much as for the company.

- Smart, dynamic people with whom you can share the experience of building something unique.

- Competitive salary with opportunities for growth and advancement.