Security GRC Manager

Plaid, San Francisco, CA

About The Position

We believe that the way people interact with their finances will drastically improve in the next few years. We're dedicated to empowering this transformation by building the tools and experiences that thousands of developers use to create their own products. Plaid powers the tools millions of people rely on to live a healthier financial life. We work with thousands of companies like Venmo, SoFi, several of the Fortune 500, and many of the largest banks to make it easy for people to connect their financial accounts to the apps and services they want to use. Plaid's network covers 12,000 financial institutions across the US, Canada, UK and Europe. Founded in 2013, the company is headquartered in San Francisco with offices in New York, Washington D.C., London and Amsterdam.

The Security GRC team at Plaid is responsible for reducing the likelihood and impact of the highest risks to the business. We unblock the business by proactively identifying, assessing, and reducing security risks without slowing down product delivery. We reduce security incidents through strong governance, effective controls, and informed risk decisions. We maintain an assurance program that demonstrates security maturity to our key stakeholders. We enable the business to prioritize mitigations that matter the most to our customers, consumers, and data partners. We unblock revenue and partnership opportunities through efficient, high-quality security reviews and audits. We design controls that scale with our business, with a strong bias towards automation and continuous assurance. We partner closely across the entire organization to embed security and risk management into critical workflows. We act as trusted advisors that raise the security bar while enabling innovation, experimentation, and velocity.

You will help lead and evolve our Security Governance, Risk, and Compliance program to unblock the next phase of Plaid's growth. You will report directly to the CISO, and manage a team of ICs responsible for security assurance, compliance operations, and technology risk management. You will be a trusted partner to customer-facing cross-functional teams and product teams across different product areas.

Requirements

  • Hands-on experience operating security GRC programs that map to industry frameworks: SSAE18 (SOC1 and SOC2), ISO 27001, SOX 404 ITGCs, NIST CSF and 800-53.
  • Hands-on experience translating framework requirements into practical and testable control objectives.
  • Hands-on experience operating technology risk management programs, and applying quantitative risk analysis techniques (FAIR) and structured qualitative risk modeling.
  • Cloud-native security controls and architecture literacy.
  • Direct customer-facing security and trust assurance experience, and stakeholder management.
  • Direct auditor-facing experience through scoping, evidence collection, testing, and remediations.
  • Direct experience building and deploying control automations.
  • Working knowledge of modern web application architecture, build and release techniques, incident response, AuthN/AuthZ strategies, data encryption, vulnerability management, third-party risk management, and security training.

Nice To Haves

  • Prior experience in FinTech.

Responsibilities

  • Own Plaid's Security GRC strategy and roadmap.
  • Lead and scale the Security GRC team.
  • Run the Compliance and Assurance programs.
  • Build internal and external customer and partner trust.
  • Accelerate GRC workflows through automation.

Benefits

  • Plaid provides a comprehensive benefit plan, including medical, dental, vision, and 401(k).

What This Job Offers

  • Job Type: Full-time
  • Career Level: Manager
  • Education Level: No Education Listed
  • Number of Employees: 1-10 employees
