Overview

We are seeking a Security GRC Manager to lead our security governance, risk, and compliance program in a fast-paced fintech environment. This role is responsible for ensuring our security posture aligns with regulatory requirements, industry standards, and business objectives while enabling innovation and growth.

You will partner closely with Engineering, Product, IT, Legal, and Compliance teams to design scalable security controls that support a highly regulated financial ecosystem.

What You'll Do

Governance & Policy

• Develop, maintain, and enforce information security policies, standards, and procedures
• Align security governance with frameworks such as NIST CSF, ISO 27001, SOC 2, and PCI DSS
• Establish security metrics and reporting for leadership and board-level visibility

Risk Management

• Lead enterprise risk assessments, including company security risk profile and third-party risk evaluations
• Maintain and evolve a security risk register, including tracking and remediation efforts
• Partner with Engineering and IT to prioritize and mitigate security risks across systems and infrastructure

Compliance & Audits

• Own and manage security and privacy compliance obligations (e.g., SOC 2 Type II, PCI DSS, GLBA, FFIEC)
• Coordinate internal and external audits, including evidence collection and auditor engagement
• Monitor regulatory changes in the areas of security and privacy that impact the company, and ensure continuous compliance

Third-Party & Vendor Risk

• Implement and manage third-party risk management (TPRM) processes
• Conduct outbound security due diligence of vendors and partners
• Support inbound security due diligence from vendors, partners and investors
• Track ongoing vendor compliance and risk posture

Security Awareness & Training

• Lead company-wide security awareness programs
• Promote a culture of security across technical and non-technical teams

Cross-Functional Collaboration

• Work with Legal, Compliance, and Privacy teams on regulatory obligations and data protection
• Support incident response from a compliance and reporting perspective
• Provide guidance during product development to ensure secure-by-design practices
• Provide support to Product, Engineering and IT regarding security best practices and compliance obligations

Requirements

• 5-8+ years in information security, with a focus on security risk and compliance
• Experience in fintech, banking, payments, or other regulated industries
• Strong knowledge of frameworks (e.g., SOC 2, ISO 27001, NIST CSF, PCI DSS, CIS CSC)
• Experience managing audits and working with external auditors (SOC 2 and/or PCI DSS)
• Familiarity with U.S. regulatory requirements (e.g., GLBA, FFIEC guidance)
• Excellent communication skills, including executive-level reporting

Nice to Have

• Certifications such as CISSP, CISM, CRISC, or CISA
• Experience with cloud environments (AWS)
• Knowledge of privacy regulations (e.g., CCPA, CPRA)
• Experience building or scaling security GRC programs in a high-growth company
• Familiarity with compliance automation platforms such as Vanta

What Success Looks Like

• Clean audit results with minimal findings
• A mature, scalable GRC program aligned with business growth
• Clear visibility into risk posture across the organization
• Strong partnerships with Engineering, Product, IT Compliance, Legal and Leadership

Benefits and Perks

Our goal is to provide a comprehensive offering of benefits and perks that promote better financial, mental, and physical wellness.

We believe working alongside each other in person is the best way to build a great product and foster a strong company culture. Our expectation is that employees are in the office five days a week, allowing for optimal collaboration, inclusivity, and productivity. At the same time, we understand that life happens and recognize the importance of flexibility. We are committed to supporting our employees when circumstances arise that require remote work or adjusted schedules. Our goal is to ensure everyone can effectively balance personal and professional responsibilities while maintaining our collaborative and productive environment.

Here are some highlights of our benefits and perks offerings, feel free to ask your recruiting partner for more details on our comprehensive offering for employees.

• 100% company-paid medical, dental, and vision coverage for you and your dependents on your first day of employment.
• Receive up to $100 per month in fitness reimbursement or enjoy a complimentary full membership to LifeTime Fitness or Equinox.
• 401(k) with a 3.5% match and immediate vesting
• Meal program available for both lunch and dinner
• Pre-tax benefits, including a $1,000 HSA match
• Life and accidental insurance
• Flexible PTO

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, and experience. Base salary is just one part of your total compensation and rewards package at Credit Genie. You may also be eligible to participate in the bonus and equity programs. You will also have access to comprehensive medical, vision, and dental coverage, a 401(k) retirement plan with company match, short & long term disability insurance, life insurance, and flexible PTO along with many other benefits and perks.