nCino

Manager - Business Information Security Office

nCino$121K — $213K *
Finance & Insurance
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Undergraduate degree in computer science, information systems, or related technology field; advanced degree preferred.
  • 5+ years in information security, IT compliance, or related field with at least 1 year in a team lead or management role.
  • Knowledge of security frameworks such as SOC 2, ISO 27001, PCI DSS, and CSA STAR.
  • Familiarity with AI risk frameworks like NIST AI RMF.
  • Proven experience managing compliance documentation and coordinating audits in regulated environments.
  • Strong ability to communicate technical concepts clearly to non-technical stakeholders.
  • Experience leading distributed teams with effective prioritization of tasks.

Responsibilities

  • Manage daily team operations, enhancing compliance processes and documentation.
  • Document and enforce standard operating procedures and policies across the team.
  • Support staff development through coaching, training, and performance feedback.
  • Facilitate team meetings, coordinating resources to track compliance milestones.
  • Serve as primary coordinator for customer audits and security assessments.
  • Oversee preparation and maintenance of compliance documentation and evidence packages.
  • Utilize AI tools to streamline operations and improve compliance efficiency.

Benefits

  • Creative and high-energy work environment.
  • Opportunities for continuous learning and professional growth.
  • Collaboration with cross-functional teams.
  • Access to the latest technology and tools in security and compliance.
Full Job Description
nCino's Business Information Security Office (BISO) serves as the primary interface between our security posture and the customers who depend on it. As Manager, you will lead a team responsible for maintaining compliance documentation, facilitating customer audits, responding to security inquiries, and supporting vendor assessments across SOC 2, ISO, PCI, and STAR frameworks. This role requires someone equally comfortable managing day-to-day ticketing operations and engaging in compliance-focused customer conversations. The ideal candidate brings experience leading compliance-oriented teams in regulated industries, with a track record of navigating audits and familiarity with AI due diligence frameworks. You lead with a player-coach mentality, translating technical requirements into clear deliverables while empowering your team to own the work.

Essential Functions
  • Manage day-to-day operations of the team, overseeing administration and continuous improvement of compliance processes, systems, and documentation under your responsibility.
  • Ensure standard operating procedures, policies, and project guidelines are documented, maintained, and consistently applied across the team.
  • Support staff development through onboarding, training, coaching, and ongoing feedback; identify growth opportunities and address performance proactively.
  • Conduct regular performance check-ins and formal reviews; provide constructive feedback, recognize contributions, and escalate compensation or promotion recommendations as appropriate.
  • Facilitate team meetings, coordinate resources, and track progress against project milestones and compliance commitments.
  • Manage workload distribution and prioritization to ensure timely response to customer security inquiries, audit requests, and vendor assessments.
  • Serve as the team's primary point of coordination for customer audits, third-party risk assessments, and security questionnaire.
  • Oversee the preparation, maintenance, and continuous improvement of compliance documentation and evidence packages.
  • Coordinate responses to customer security due diligence requests, including questionnaires and examiner inquiries, ensuring accuracy and timeliness.
  • Assist in the development and review of information security policies, standards, and procedures, ensuring alignment with external regulatory requirements.
  • Support technical risk assessments of information systems and infrastructure; escalate identified issues with appropriate context and recommended remediation paths.
  • Coordinate delivery of information security and privacy training for employees and authorized users in partnership with broader security and HR teams.
  • Maintain current awareness of relevant information security laws, regulations, and frameworks applicable to the financial services industry; communicate updates to the team.
  • Partner with engineering, product, and legal stakeholders to escalate security improvement needs based on customer and examiner feedback.
  • Engage with business stakeholders to gather requirements and communicate project status, present team updates, compliance metrics, and risk summaries to management and relevant stakeholders.
  • Represent the team in customer-facing conversations with financial institution security and IT teams, serving as a knowledgeable point of contact.
  • Prepare and maintain dashboards and reports tracking compliance activities, open audit items, and team performance against defined service levels.
  • Coordinate with cross-functional teams to ensure consistent implementation of security configurations, standards, and controls across business platforms.
  • Leverage AI tools and techniques to enhance work efficiency and optimize business operations by automating routine tasks to improve accuracy, save time, and minimize errors.
  • Utilize AI-driven insights to refine decision-making, elevate customer experience, and boost team productivity while ensuring its application provides measurable value, driving innovation and smarter ways of working.
  • Stay informed on AI advancements to drive continuous learning and scalable growth opportunities.


Qualifications

Required:
  • Undergraduate degree in computer science, information systems, or a related technology field, or equivalent work experience; advanced degree preferred.
  • Five or more years of experience in information security, IT compliance, or a related technical discipline, with at least one year in a team lead or people management capacity.
  • Working knowledge of information security frameworks and standards, including SOC 2, ISO 27001, PCI DSS, and CSA STAR.
  • Familiarity with AI risk and due diligence frameworks, including NIST AI RMF or equivalent.
  • Demonstrated ability to manage compliance documentation, coordinate audit activities, and respond to third-party security inquiries in a regulated environment.
  • Strong communication skills with the ability to explain technical security concepts clearly to non-technical stakeholders, customers, and examiners.
  • Experience managing or coordinating distributed teams with the ability to prioritize competing demands and drive accountability across workstreams.
  • Understanding of cloud security principles and SaaS or multi-tenant environment security considerations.


Desired:
  • Experience managing vendor risk from the vendor side, including familiarity with how financial institutions evaluate SOC 2 reports, penetration test results, and SIG questionnaires.
  • Knowledge of financial services regulatory expectations from bodies such as OCC, FDIC, NCUA, or state banking regulators; familiarity with GLBA safeguards requirements.
  • Exposure to DORA requirements for organizations serving EU-based financial institutions.
  • Familiarity with secure SDLC practices, vulnerability management, and application security concepts.
  • Active pursuit of or current holding of relevant professional certifications such as CISSP, CISM, or CRISC.
  • Experience participating in or supporting a security steering committee or risk committee.


If you thrive in a high-energy, entrepreneurial environment, we invite you to share your passion, ideas and excitement at nCino.

The pay range for this role is based on relative market data and alignment with our compensation philosophy. The range displayed reflects the minimum and maximum of the pay range for each job posting, which is used to determine new hire rates/salaries and takes into consideration multiple factors including but not limited to knowledge, skills, abilities, proficiencies, experience, education, licensures/certifications, as well as business and organizational needs. nCino reserves the right to modify the posted range consistent with our internal practices and external market movement. The recruiter for this job posting can share more compensation details during the recruitment process, as base salary is only one component of the total compensation package per position posted.

The base salary range for this job is:
$121,900.00 - $213,300.00

About nCino

nCino is a cloud-based banking software company that was founded in 2012. The company provides a range of solutions to financial institutions, including loan origination, account opening, and customer relationship management. nCino's software is designed to help banks and credit unions streamline their operations, reduce costs, and improve the customer experience. The company has received numerous awards for its innovative technology and has been recognized as one of the fastest-growing companies in the United States.
Learn more about nCino
Size
1,681 employees
Market Cap
$2.6 billion
Industry
Net Income
-$38.1 million
Founded
2012
Revenue
$186.2 million
NASDAQ

Similar Jobs

More Jobs at nCino

More Finance & Insurance Jobs

Find similar Manager - Business Information Security Office jobs: