Security Analyst - Governance, Risk, and Compliance
San Francisco, CA OR Remote
Applications have closed
Prosper
Discover a credit card, personal loans, or home equity options. Explore financial education. Meet your financial needs and find peace of mind with ProsperAbout Our Technology TeamWe are aggressively growing our Technology team to support our various financial products. The ideal candidate is passionate about learning the Fintech domain and delivering cutting-edge, high-quality solutions to solve business problems. We utilize a progressive, test-driven, Agile development methodology that places a high premium on communication, teamwork, sound design and clean implementation.
Our ValuesDiversity expands opportunitiesCollaboration creates better solutions Curiosity fuels our innovationIntegrity defines all our relationshipsExcellence leads to longevity Simplicity guides our user experience Accountability at all levels drives results
COVID-19 Vaccination PolicyProsper is continuing to grow our team during the COVID-19 pandemic, conducting fully remote hiring and onboarding processes. Our philosophy as a business is to approach the COVID-19 situation with empathy and urgency. Prosper’s top priority is the health and safety of our employees and of the communities we serve, including our customers, partners, prospects, and candidates. In accordance with this priority, along with our legal responsibility to provide and maintain a workplace that is safe and free of known hazards, we have adopted a COVID-19 Vaccination Policy which requires all of our employees to receive vaccinations, unless they have an approved accommodation.
www.prosper.comOur Story & Team // Our Blog
Prosper is seeking a detail oriented, highly motivated, technology savvy and passionate security professional with a desire to support, promote and further mature the company's security GRC program.
Responsible in executing various security compliance initiatives such as risk assessments, security control audits and 3rd party risk assessments. You will use your strong communication, analytical and troubleshooting abilities to quickly identify and report on controls from various security domains, control and/or process gaps and to identify process and technology opportunities.
Problems You Will Solve
- Conduct periodic information security (and privacy) risk assessments
- Review, audit, and monitor security compliance programs against security policies, standards, and frameworks such as PCI-DSS, NIST, SOC 2, etc.
- Support developing remediation plans for issues and risks, coordinate activities with owners, and track remediation to completion
- Assist in documenting, and maintaining the security control matrix
- Support the management of documentation such as security policies, standards and guidelines, process, and data flows
- Perform periodic user access reviews
- Lead evidence collection for external audits related to SOC1, SOC2, PCI-DSS, etc.
- Perform vendor security risk assessments
- Assist in maturing partner and investor due diligence program as it relates to queries about information security
- Build and cultivate positive working relationships with stakeholders across various teams
About You
- B.S. degree in Management Information Systems, Computer Science, Business, or any technology related field
- 3-4 years of risk management, internal controls, security audit, control framework/compliance, information security, and/or technology process experience
- Very high attention to detail, high integrity, and business ethics
- Excellent skills around troubleshooting, problem-solving, analytical thinking, and project management
- Knowledge/Experience in security technologies such as firewalls, IDS, DLP, Vulnerability Scanners, DAM, etc.
- Ability to work independently to achieve objectives and deliver results
- Experience in security standards/frameworks such as PCI-DSS, NIST, SOC 2, etc.
- CISSP, CISA, CISM or similar security certification is ideal
- Big 4 Consulting experience is a plus
Applicants have rights under Federal Employment Laws.Family & Medical Leave Act (FMLA)Equal Employment Opportunity (EEO)Employee Polygraph Protection Act (EPPA)
California applicants: please click here to view our California Consumer Privacy Act (“CCPA”) Notice for Applicants, which describes your rights under the CCPA: https://www.prosper.com/plp/legal/privacy-notice-for-applicants/
At Prosper, we're looking for people with passion, integrity, and a hunger to learn. We encourage you to apply even if your experience doesn't precisely match the job description. Your unique skill set and diverse perspective will stand out and set you apart from other candidates. Prosper thrives with people who think outside of the box and aren't afraid to challenge the status quo. We invite you to join us on our mission to advance financial well-being.
Prosper is committed to an inclusive and diverse workplace. All aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law, including the San Francisco Fair Chance Ordinance. Prosper will consider for employment qualified applicants who are non-US citizens and will provide green card sponsorship.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Audits CCPA CISA CISM CISSP Compliance Computer Science Finance FinTech Firewalls Governance IDS NIST Polygraph Privacy Risk management SOC 1 SOC 2
Perks/benefits: Career development Medical leave
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Cyber Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open Forensics-related jobs