Senior Security Compliance Manager

About The Position

Requirements

• BS degree in Computer Information Systems or related field
• 7+ years of experience with security GRC initiatives
• Experience with regulatory cybersecurity compliance examinations
• Substantive and current knowledge of transaction banking compliance, consumer and commercial lending, deposit, wires, cards and privacy regulations applicable to banks
• Experience with onboarding and monitoring cybersecurity controls in cloud environments specifically AWS
• Experience with AI governance and risk assessments using frameworks like NIST AI RMF, ISO42001, ISO 38507 and other privacy regulations like CCPA, GDPR etc
• Strong knowledge of security risk management and running audits/certification programs
• Self-starter with strong interpersonal and communication skills
• Demonstrate ability to assimilate new knowledge quickly
• Comfortable working in a fast-paced, dynamic environment, and managing multiple projects concurrently
• Experience with managing programs in GRC tools

Nice To Haves

• Banking/Fintech, Big 4, or management/IT consulting experience
• Strong risk management and governance experience KRI’s/KPI’s reporting
• Familiarity with CSPM, AWS security, CI/CD, SAST/DAST, SIEM and vulnerability management tools
• Strong JIRA and workflow management and agile project management experience
• Direct experience with regulatory cybersecurity compliance examinations
• Relevant certification (e.g. CISA, CISSP, PCI QSA, AWS certifications) or equivalent expertise
• Have risk assessment expertise with PCI DSS 4.0.1, SOX, NIST 800-53/800-37, NIST CSF, SOC 2, PCI, NYDFS NYCRR PART 500 and/or ISO 27001 standards, integrated controls framework, and evaluating design and effectiveness of IT controls working directly with auditors, regulators, investors
• Experience in building successful compliance programs for banks or fintech
• Experience defining compliance roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule
• Technical fluency; comfortable understanding and discussing technology concepts, experience evaluating tradeoffs and new opportunities with technical team members

Responsibilities

• Own bank compliance and controls testing, monitoring and issue management
• Manage ongoing investor audits like SOC2, PCI DSS, SOX ITGC, GLBA and security due diligence questionnaires
• Serve as the primary liaison between internal stakeholders (i.e. Cybersecurity, Technology, Product, Risk, Privacy, Internal Audit, HR, Legal, Sales etc…) and external auditors, regulators, and third-party assessors
• Monitor compliance with cybersecurity policies and standards and assess security compliance risks for bank scoped products, processes and technologies in a cloud environment
• Partner with stakeholders to conduct walkthroughs and create process maps for critical cybersecurity processes, facilitating in risk and control identification and ensure the environment is operating safely and in control
• Translate technical controls and requirements into audit-ready evidence, and work with technical teams to align implementations with compliance expectations
• Support regulatory, third party attestation, and Internal Audit, audit readiness activities, ensuring control design and execution meet internal policy and external regulatory standards
• Communicate clearly and effectively with both technical and non-technical audiences, including executives, control owners, and external assessors.

Benefits

• The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.
• To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page!