Manager, Governance, Risk & Compliance (GRC)

About the position

Flex is a growth-stage, NYC headquartered FinTech company that is creating the best rent payment experience. It’s hard to believe that it’s 2025 and paying rent on time is expensive, inflexible, and difficult. We’re here to change that! Flex enables our users to pay rent throughout the month on a schedule that better fits their finances and budget. Our mission is to empower as many renters as possible with flexibility over their most significant recurring expense. After deliberately keeping a stealth profile as we built up unprecedented investor support and an enthusiastic user base, we are looking for motivated individuals to help us keep our mission growing. Will you be a part of the team? As the GRC Manager reporting directly to the Head of Security, you will play a pivotal role in shaping and maintaining the organization's governance, risk, and compliance programs. Your expertise will be crucial in ensuring adherence to regulatory requirements, industry standards, and internal policies. This is a hybrid position with on-site expectations of 3 days per week in our New York Headquarters. For candidates outside of the NY/NJ area, you may be eligible for our relocation assistance program.

Responsibilities

• Lead SOC 2 audit preparation and ongoing compliance efforts
• Utilize Vanta to automate and streamline compliance processes
• Contribute to the implementation and maintenance of NIST Cybersecurity Framework (CSF) controls
• Assist in ensuring compliance with NYDFS Cybersecurity Regulations
• Conduct risk assessments and develop mitigation strategies
• Create and update policies, procedures, and controls documentation
• Collaborate with internal stakeholders to support the implementation and monitoring of security controls
• Assist in preparing comprehensive reports for management on compliance status and risk exposure
• Stay informed about evolving regulatory requirements and industry best practices, sharing insights with the team

Requirements

• Bachelor's degree in Information Security, Computer Science, or a related field
• Minimum 3 years of experience in GRC, information security, or related roles
• Proven experience with SOC 2 audit preparation and compliance
• Proficiency with Vanta or similar compliance automation tools
• Strong knowledge of NIST CSF and NYDFS Cybersecurity Regulations
• Excellent analytical and problem-solving skills
• Outstanding written and verbal communication abilities
• Fluency in English at the C2 level
• Self-motivated with the ability to work independently in a remote environment

Nice-to-haves

• ISACA CISA certification
• Experience in the fintech or financial services industry
• Familiarity with other frameworks such as ISO 27001, GDPR, or PCI DSS

Benefits

• Competitive pay
• 100% company-paid medical, dental, and vision
• 401(k) + company equity
• Unlimited paid time off with a PTO minimum + 13 company paid holidays
• Parental leave
• Flex Cares Program: Non-profit company match + pet adoption coverage
• Free Flex subscription