Information Security GRC Senior Specialist

Full Time
San Francisco, CA
Areas of Interest: Incident Response, Information Assurance (IA) Compliance, Test and Evaluation, Vulnerability Assessment and Management
report a problem

SoFi is seeking an experienced Information Security and Privacy professional to support the Director of Information Security / Governance Risk and Compliance (GRC)  to manage its information security risk and compliance program. The Information Security / GRC Senior will work with cross-functional teams, including Engineering to support our information security and GRC programs.

SoFi is a forward-thinking company that is transforming financial services. Recently ranked as one of the fastest growing fintech companies in the U.S, SoFi is nearly 1000 employees strong. We offer the excitement of a rapidly growing startup with the stability of a seasoned management team.


  • Execution and delivery on a broad range of projects including an enterprise wide security assessment.
  • Identify security risks around cloud services (IaaS, PaaS, SaaS)
  • Manage the Information Security and Privacy portfolio of initiatives
  • Create detailed process flow diagrams
  • Perform vendor security and privacy due diligence
  • Create and/or update technical security standards for our main technologies
  • Coordinate pen-tests
  • Assist in all aspects of the Governance, Risk and Compliance program.
  • Conduct preliminary analysis of new technologies, vulnerability finding, or security incidents.
  • Perform security reviews prior to new tools deployment.
  • Minimum qualifications
  • BS degree in Computer Information Systems or related field
  • 3+ years of experience in compliance and security risk management
  • Strong program management background and leadership skills
  • Knowledge of frameworks/standards such as NIST and PCI
  • Deep experience implementing and leading information security and risk management programs
  • Demonstrate in-depth information security capabilities and professional knowledge
  • Self-starter with strong interpersonal and communication skills
  • Demonstrate ability to assimilate to new knowledge
  • Experience in performing analysis of IT Security program and related processes/functions – performing current state assessment via interviews, determining necessary future state, providing recommendations to reduce risk and improve effectiveness

Preferred qualifications

  • Big 4, or management/IT consulting experience
  • Experience performing an enterprise wide risk assessment.
  • CISSP, CISM, CISA, CIPP and similar certifications


  • Catered lunches, a fully stocked kitchen, and subsidized gym membership.
  • Competitive salary packages and bonuses.
  • A flexible vacation policy allows you to truly relax and reboot.
  • Comprehensive health, vision, dental, and life insurance as well as disability benefits.
  • 100% of health, vision, and dental premiums paid by SoFI for employees and their dependents.
  • 401(k) and education on retirement planning.
  • Tuition reimbursement on approved programs, up to $5,250 a year.
  • Monthly contribution to help you pay off your student loans.

Share this job:


SoFi is a new kind of finance company. From unprecedented products and tools to faster service and open conversations, we’re all about helping our members get ahead and find success. Whether they’re looking to buy a home, pay off their student loans, ascend in their careers, or invest in the future, the SoFi community works to empower our members to accomplish the goals they set and achieve financial greatness as a result.

Visit SoFi 's Social Media pages:
Company Industry: Financial Services
Company Type: Privately Held
Company Size: 501-1000