Cybersecurity Risk Director, First Line of Defense

Social Finance - San Francisco, CA

posted 4 months ago

Full-time - Senior
Remote - San Francisco, CA
Religious, Grantmaking, Civic, Professional, and Similar Organizations

About the position

The Director of SoFi's Cyber Risk Management will be responsible for the development and implementation of SoFi's first line of defense (1LOD) cyber risk control function. This role will be responsible for developing a team with the skills to implement, monitor, and ensure the effectiveness of cyber controls across a wide range of technologies. As a member of the first line of defense (1LOD), the Cyber Risk Director is responsible for the design, development, and execution of the first line's control framework and risk environment. This includes the creation and ongoing evaluation of the policies, standards and procedures that define the 1LOD program as well as the continuous monitoring to ensure controls are designed and operating effectively. The Director will partner and collaborate with other 1LOD areas and the second line of defense (2LOD) to ensure all controls, reviews, corrective action plans, documentation, and reports comply with operational, regulatory, and company guidelines, policies, and procedures. The Director will also work closely with the 2LOD on credible challenges and ensuring adherence with 2LOD policies.

Responsibilities

  • Develop and maintain a risk-based cyber control program to design, implement, and monitor the effectiveness of key controls across the enterprise.
  • Create and enforce methodologies and requirements to be deployed across the 1LOD.
  • Develop, implement, and maintain cybersecurity policies, standards, and procedures.
  • Establish the strategic plan for the development and implementation of the 1LOD control environment and its technical evaluation.
  • Manage the TPRM program to ensure vendor compliance with cybersecurity standards.
  • Prepare and deliver clear, concise, and actionable reporting to senior leadership and governance committees.
  • Develop and deliver cybersecurity training programs.
  • Work closely with senior leadership across the enterprise, within all three lines of defense, to support the continued maturation of the control environment.
  • Lead a team responsible for executing the risk-based control implementation and monitoring program.
  • Proactively identify and work with the Cyber Compliance team to implement control automation, validation strategy and analytics.
  • Own the design, development, and testing of information systems, such as GRC software.
  • Own the cyber risk management process, including the RCSA, ensuring that risks are identified, assessed, and mitigated appropriately within the cybersecurity framework.

Requirements

  • Bachelor's degree
  • 12+ years of relevant technology ownership, operational risk management, regulatory, examination, or internal audit experience
  • Strong understanding of control frameworks, implementation methodologies, and risk assessments
  • Highly effective interpersonal and communication skills and proven ability to positively influence all levels of personnel, including senior leadership
  • Strong understanding of risk governance and first line of defense processes used to manage front line business unit risk management processes
  • Wide breadth of knowledge regarding primary risks associated with the products and services SoFi offers
  • Experience leading and developing team members
  • Experience in banking and/or fintech industry, including regulatory experience
  • Proven success building and implementing control programs to evaluate the design adequacy and effectiveness of key controls
  • Exceptional data visualization skills
  • Knowledge of cloud controls and cloud controls frameworks
  • Self-motivated with strong collaboration and influencing skills
  • Ability to work under pressure, manage multiple tasks and competing priorities, meet deadlines, and adapt to change; comfortable dealing with ambiguity and uncertainty
  • Excellent critical and creative thinking, decision-making, and innovative problem-solving skills

Nice-to-haves

  • Advanced degree; relevant industry certifications, for example, CISSP, CCSK, CISA
  • Ability to drive innovation and new practices
  • Experience interacting with regulators (Federal Reserve, OCC, CFPB)

Benefits

  • Comprehensive and competitive benefits package
  • Equal employment opportunities (EEO)
  • Reasonable accommodations for candidates with disabilities
  • Consideration for employment for qualified applicants with arrest and conviction records

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service