Cybersecurity Compliance Lead, Security Compliance
Who we are:
Shape a brighter financial future with us.
Together with our members, we’re changing the way people think about and interact with personal finance.
We’re a next-generation fintech company using innovative, mobile-first technology to help our nearly 3 million members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront.
We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.
About The Role
The Governance, Risk, and Compliance (GRC) team handles a wide range of cross-functional activities, from security compliance certifications and audits, to risk management, inbound and outbound due diligence, security awareness, policy and procedures, and more.
Each of these ongoing parallel activities entails interpreting and setting requirements, assessing the effectiveness of security controls, risk-based decision making, cross-functional collaboration and communication, and staying up-to-date on security best practices and how changes in the evolving threat landscape need to inform our strategy.
The Cybersecurity Compliance Lead is a hands-on and high energy program leader who can operate independently in achieving our team objectives. The team’s primary objective is to assist in overseeing the Security Compliance program enterprise wide.
The successful candidate will bring vision to the role and will have expertise in cloud technologies/environments, AWS or other related cloud experience, and testing security efficiency. The Cybersecurity Compliance Lead will quickly establish multi-functional relationships with colleagues to become a trusted resource for our Engineering, Product Delivery, TechOps, Compliance and Risk Teams, while also maintaining a hands-on role in proposing solutions/controls and crafting specifications for those teams.
Responsibilities
- Apply a working knowledge of information security regulation and policy to articulate customer and control impact and drive alignment to SoFi’s integrated control framework
- Partner with security engineering, architecture and application development teams to deploy preventative and detective controls against our cybersecurity policies and standards to achieve continuous compliance
- Assess effectiveness, scalability and reliability of security controls and automate assessments in enterprise or cloud environments
- Monitor and ensure compliance with new regulatory requirements, information system security policy and procedures
- Manage security compliance programs and examinations while working to standardize and optimize controls and procedures across SoFi
- Liaise with auditors, articulate control implementation and impact, and describe considerations for applying security and compliance concepts to a technical cloud environment
- Define and execute existing or new compliance initiatives (SOC 1, SOC 2, ISO 27001, PCI, FedRAMP)
- Assess and track compliance with regulatory and legal requirements relevant to the SoFi business such as GLBA, FINRA, State Cybersecurity requirements (e.g. NYDFS, Colorado Security Act, etc.) and contractual commitments
- Maintain security diligence programs for investors, partners, and prospective partners.
- Lead the escalation and resolution of risk and compliance issues with appropriate leadership cross functionally
- Be metrics driven: understand, develop and deliver meaningful risk-based operational metrics, dashboards and reports to a wide audience, demonstrating our current program state and adherence to frameworks and standards
Minimum qualifications
- BS degree in Computer Information Systems or related field
- 7+ years of experience with security-related regulatory compliance for financial services
- Strong leadership skills
- Experience managing PCI DSS, ISO 27001, SSAE18, or other compliance standards and framework programs
- Strong knowledge of security risk management and running audits/certification programs
- Knowledge of, or experience working with, Cloud technologies/environments, AWS or other related cloud experience
- Self-starter with strong interpersonal and communication skills
- Demonstrated ability to assimilate new knowledge quickly
- Comfortable working in a fast-paced, dynamic environment
Preferred qualifications
- Big 4, or management/IT consulting experience
- Relevant certification (e.g. CISA, CISSP) or equivalent expertise
- Have a detailed knowledge of NIST 800-53/800-37, CNSSI 1253, SOC1, SOC 2, PCI, or ISO 27001 standards and understanding of evaluating the design and effectiveness of IT controls working directly with auditors for these types of assessments
- Ability to review technical reports and provide risk mitigation solutions from activities such as Penetration Testing, Vulnerability Management, Wi-Fi testing and/or web-based application assessments
- Understanding of AWS cloud computing services/deployment architecture (IaaS, PaaS, SaaS) through experience in operating them or obtaining certifications
- Experience performing technical assessments and audits of networks, operating systems and applications
Why you’ll love working here:
- Competitive salary packages and bonuses
- Comprehensive medical, dental, vision and life insurance benefits
- Generous vacation and holidays
- Paid parental leave for eligible employees
- 401(k) and education on retirement planning
- Tuition reimbursement on approved programs
- Monthly contribution up to $200 to help you pay off your student loans
- Great health & well-being benefits including: telehealth parental support, subsidized gym program
- Employer paid lunch program (except for remote employees)
- Fully stocked kitchen (snacks and drinks)
*These benefits are only applicable to full time employees.

SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.

The health and safety of our employees and their families is our top priority. Due to the ongoing nature of the COVID-19 pandemic, and because unvaccinated employees pose a direct threat to the health and safety of others in the workplace, effective on November 1, 2021, U.S. employees must be fully vaccinated to work from any of our offices, travel for business or attend work-related meetings. The company will make reasonable accommodations when possible for employees who are unable to be vaccinated because of a disability, pregnancy, sincerely held religious belief, or for other legally required reasons.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.