
Security GRC Manager
Credit Genie, San Francisco, CA, United States
Overview
Credit Genie is a mobile-first financial wellness platform designed to help individuals take control of their financial future. We leverage artificial intelligence to provide personalized insights and are building a financial ecosystem by offering tools and services that provide instant access to cash and help build credit. Our goal is to empower every customer to achieve long-term financial stability.
What You’ll Do
Governance & Policy
Develop, maintain, and enforce information security policies, standards, and procedures
Align security governance with frameworks such as NIST CSF, ISO 27001, SOC 2, and PCI DSS
Establish security metrics and reporting for leadership and board-level visibility
Risk Management
Lead enterprise risk assessments, including company security risk profile and third-party risk evaluations
Maintain and evolve a security risk register, including tracking and remediation efforts
Partner with Engineering and IT to prioritize and mitigate security risks across systems and infrastructure
Compliance & Audits
Own and manage security and privacy compliance obligations (e.g., SOC 2 Type II, PCI DSS, GLBA, FFIEC)
Coordinate internal and external audits, including evidence collection and auditor engagement
Monitor regulatory changes in the areas of security and privacy that impact the company, and ensure continuous compliance
Third-Party & Vendor Risk
Implement and manage third-party risk management (TPRM) processes
Conduct outbound security due diligence of vendors and partners
Support inbound security due diligence from vendors, partners, and investors
Track ongoing vendor compliance and risk posture
Security Awareness & Training
Lead company-wide security awareness programs
Promote a culture of security across technical and non-technical teams
Cross-Functional Collaboration
Work with Legal, Compliance, and Privacy teams on regulatory obligations and data protection
Support incident response from a compliance and reporting perspective
Provide guidance during product development to ensure secure-by-design practices
Provide support to Product, Engineering, and IT regarding security best practices and compliance obligations
Requirements
5–8+ years in information security, with a focus on security risk and compliance
Experience in fintech, banking, payments, or other regulated industries
Strong knowledge of frameworks (e.g., SOC 2, ISO 27001, NIST CSF, PCI DSS, CIS CSC)
Experience managing audits and working with external auditors (SOC 2 and/or PCI DSS)
Familiarity with U.S. regulatory requirements (e.g., GLBA, FFIEC guidance)
Excellent communication skills, including executive-level reporting
Nice to Have
Certifications such as CISSP, CISM, CRISC, or CISA
Experience with cloud environments (AWS)
Knowledge of privacy regulations (e.g., CCPA, CPRA)
Experience building or scaling security GRC programs in a high-growth company
Familiarity with compliance automation platforms such as Vanta
What Success Looks Like
Clean audit results with minimal findings
A mature, scalable GRC program aligned with business growth
Clear visibility into risk posture across the organization
Strong partnerships with Engineering, Product, IT, Compliance, Legal, and Leadership
Benefits And Perks
Our goal is to provide a comprehensive offering of benefits and perks that promote better financial, mental, and physical wellness. We believe working alongside each other in person is the best way to build a great product and foster a strong company culture. Our expectation is that employees are in the office five days a week, allowing for optimal collaboration, inclusivity, and productivity. At the same time, we understand that life happens and recognize the importance of flexibility. We are committed to supporting our employees when circumstances arise that require remote work or adjusted schedules. Our goal is to ensure everyone can effectively balance personal and professional responsibilities while maintaining our collaborative and productive environment.
Here are some highlights of our benefits and perks offerings; feel free to ask your recruiting partner for more details on our comprehensive offering for employees.
100% company-paid medical, dental, and vision coverage for you and your dependents on your first day of employment.
Receive up to $100 per month in fitness reimbursement or enjoy a complimentary full membership to LifeTime Fitness or Equinox.
401(k) with a 3.5% match and immediate vesting
Meal program available for both lunch and dinner
Pre-tax benefits, including a $1,000 HSA match
Life and accidental insurance
Flexible PTO
Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, and experience. Base salary is just one part of your total compensation and rewards package at Credit Genie. You may also be eligible to participate in the bonus and equity programs. You will also have access to comprehensive medical, vision, and dental coverage, a 401(k) retirement plan with company match, short- and long-term disability insurance, life insurance, and flexible PTO, along with many other benefits and perks.
Credit Genie is a proud Equal Opportunity Employer where we welcome and celebrate differences. We are committed to providing a workspace that is safe and inclusive, where everyone feels supported, connected, and inspired to do their best work. If you require any accommodations to participate in our recruitment process, please inform us of your needs when we contact you to schedule an interview.