Octane Lending, posted 3 months ago
$155,000 - $195,000/Yr
Full-time - Senior
Hybrid - Irving, TX
501-1,000 employees
Securities, Commodity Contracts, and Other Financial Investments and Related Activities

About the position

Octane is revolutionizing recreational purchases by delivering a seamless, end-to-end digital buying experience. We connect people with their passions by combining cutting-edge technology and innovative risk strategies to make lifestyle purchases - like powersports vehicles, RVs, and OPE - fast, easy, and accessible. Octane adds value throughout the customer journey: inspiring enthusiasts with our editorial brands, including Cycle World and UTV Driver, instantly prequalifying consumers for financing online, routing customers to dealerships for an easy closing, and supporting customers throughout their loan with superior loan servicing. Founded in 2014, we're a company with 550+ employees and over 30 OEM and 4,000 dealer partners.

Octane is seeking a Cyber Risk Management Lead to work hybrid in our Irving, Texas or NYC location. This person is a highly experienced professional who will design, coordinate, and execute day-to-day activities related to cybersecurity, risk control, and compliance across multiple domains, including product governance, information security strategy, cloud and third-party management, data governance, and regulatory compliance. This role will assess processes, risks, and controls, utilizing industry-leading frameworks (NIST CSF, COSO, ISO 27001) to ensure a robust security posture and compliance baseline.

The ideal candidate will conduct and facilitate audits (e.g., SOC2 Type 2, SOX), oversee third-party and vendor governance, and collaborate with senior management to design and implement sustainable risk and control frameworks. This includes driving innovation in IT risk, control, and compliance operating models while staying informed on industry trends and best practices.

Responsibilities

  • Design, coordinate, and execute the day-to-day activities related to cybersecurity, risk control, and compliance in various areas including product and application governance, information security strategy, business continuity, cloud and third parties, data governance, and regulatory/compliance requirements.
  • Review Engineering and IT processes, risk, vendors, controls, and compliance against leading practice, industry, or regulatory guidance. Assess capability maturity, identify gaps in design and operations, and communicate issues and recommendations to senior management.
  • Use frameworks such as NIST CSF, COSO, and ISO 27001 to ensure an adequate security baseline across the organization.
  • Facilitate audits from 3rd party partners and certifying bodies such as SOC2 Type 2 and SOX.
  • Conduct audits of 3rd party partners and vendors to assure security, governance, and compliance.
  • Working with senior management, assess, design, and implement Engineering and IT risk and control frameworks, sustainable solutions, and operating processes to address key and evolving risks.
  • Keep current with competitors and the wider marketplace to understand and innovate related IT risk, control, compliance, and audit operating models.

Requirements

  • A minimum of 10 years of experience working within Engineering and IT risk, product security/compliance, internal audit, or IT compliance function as an internal employee or as part of a professional services firm.
  • Master's/Bachelor's degree in an appropriate/relevant field from an accredited college/university.
  • Relevant certifications from ISC2, ISACA or SANS.
  • Proficiency in core requirements and methodologies for SOX and SSAE 18 SOC2 internal control programs.
  • Experience with IT risk management operating models, three lines-of-defense frameworks, integrated risk management practices, and/or risk intelligence capabilities.
  • Proficiency in executing projects in accordance with leading practice project management principles.
  • Strong leadership and communication skills, technical knowledge, and the ability to write at a publication quality level to communicate findings and recommendations to the clients and senior management team.

Benefits

  • Robust Health Care Plans (Medical, Dental & Vision)
  • Generous Parental Leave
  • Up to 5 weeks time off (self-managed)
  • Retirement Plan (401k) with company match!
  • Educational Assistance/Tuition Reimbursement up to $3K/year
  • Life Insurance (Basic, Voluntary & AD&D)
  • Short Term / Long Term Disability
  • Robust Ancillary benefits including accident insurance, hospital insurance, etc.
  • Wellhub (Gympass) Wellness Benefit
  • Powersports Safety Benefit