Information Security Manager

US Remote

Applications have closed

Varo Bank

Get access to personal banking services including no monthly fee checking, high-yield savings, cash advances up to $250 and more with Varo Bank.


Varo is an entirely new kind of bank. All digital, mission-driven, FDIC insured and designed for the way our customers live their lives. A bank for all of us.
Varo is building out a world-class Information Security Team. The Information Security Manager position is a critical role at Varo and will report to the Chief Information Security Officer (CISO). This role will be responsible for providing management of security assessment functions.

What you’ll be doing

  • Assist in the development, implementation, and maintenance of an industry-standard, sustainable security program that will make regulatory examinations and audits sustainable and easy
  • Identify information security risks across various functions with a focus on data protection, privacy, and fraud
  • Implement and utilize GRC, project management, and other tools for continuous monitoring of information security controls, assessments, testing and developing reporting metrics, dashboards, and evidence artifacts required for sustainable compliance
  • Lead and carry out information security risk assessment activities from a second-line perspective to monitor existing known risks or surface unknown risks through identification and qualification exercises
  • Develop/update and communicate/educate all the stakeholders about the security controls covering internal assessments
  • Conduct internal assessments (e.g., FFIEC CAT, GLBA, NIST CSF, PCI DSS) and conduct/support other audits and assessments (e.g., SOC 2 Type 2, internal, external and regulatory audits)
  • Collaborate with first-line security teams to ensure information security controls are in place, such as assessing vulnerability management scans, patching status, secure baselines, and penetration test results, and assist in prioritizing remediation efforts
  • Drive the user awareness program around information security. This includes developing and running phishing campaigns, lunch and learn sessions, annual awareness training, and other activities to keep security front of mind
  • Participate and provide security guidance in security-related projects including but not limited to Threat Intelligence, Data Loss Prevention, IAM, PAM, etc.
  • Collaborate with Third-party Risk Management and Contract Teams to review third parties' information and cyber security risks

You’ll bring the following required skills and experiences

  • 4+ years of Big 4 experience in an Information Security/Governance Audit/Advisory role
  • 5-7 years of Information Security experience with a financial institution, a fintech company, or a provider to the financial services business sector
  • Risk management processes leveraging a GRC tool, Archer preferred
  • Experience implementing/evaluating Identity and Access Management, Data Loss Prevention, Vulnerability Management, Endpoint Controls, macOS workstations, and Policies/Standards
  • Implementing and reporting on information security & privacy controls; expert knowledge of NIST Cyber Security Framework, Risk Management Framework, GLBA assessment, Control frameworks, FFIEC Cybersecurity Assessment Tool, PCI-DSS, and Cloud Security Alliance - Cloud Security Controls matrix
  • B.S. in Information/Cyber Security or Computer Science, Information Technology (Must have)
  • Security certifications (CISA and/or CISSP are must-haves, ISSMP, CISM, CCSP, and/or other comparable certifications preferred)
  • Experience reporting/presenting to senior management, the Board, and/or Committees of the Board on the status of risk assessments and information security controls
  • Cloud security experience is highly desired
  • Willingness to travel to different company sites on occasion as needed
We recognize not everyone will have all of these requirements. If you meet most of the criteria above and you’re excited about the opportunity and willing to learn, we’d love to hear from you!
About Varo

Varo launched in 2017 with the vision to bring the best of fintech into the regulated banking system. We’re a new kind of bank – all-digital, mission-driven, FDIC-insured, and designed around the modern American consumer.
As the first consumer fintech to be granted a national bank charter in 2020, we make financial inclusion and opportunity for all a reality by empowering everyone with the products, insights, and support they need to get ahead. Through our core product offerings and suite of customer-first features, we aim to address a broad range of consumer needs while profitably serving underserved communities that have been historically excluded from the traditional financial system.
We are growing quickly in our hub locations of San Francisco, Salt Lake City, and Charlotte along with colleagues located across the country. We have been recognized among Fast Company’s Most Innovative Companies, Forbes’ Fintech 50, and earned the No. 7 spot on Inc. 5000’s list of fastest-growing companies across the country.
Varo. A bank for all of us.
Our Core Values

  • Customers First
  • Take Ownership
  • Respect
  • Stay Curious
  • Make it Better

Learn more about Varo by following us:

  • Facebook - https://www.facebook.com/varomoney
  • Instagram - www.instagram.com/varobank
  • LinkedIn - https://www.linkedin.com/company/varobank
  • Twitter - https://twitter.com/varobank
  • Engineering Blog - https://medium.com/engineering-varo
  • SoundCloud - https://soundcloud.com/varobank


Varo is an equal opportunity employer. Varo embraces diversity and we are committed to building teams that represent a variety of backgrounds, perspectives, and skills. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Beware of fraudulent job postings! Varo will never ask for payment to process documents, refer you to a third party to process applications or visas, or ask you to pay costs. Never send money to anyone suggesting they can provide work with Varo. If you suspect you have received a phony offer, please e-mail careers@varomoney.com with the pertinent information and contact information.
CCPA Notice at Collection for California Employees and Applicants: https://www.varomoney.com/privacy-legal/


Tags: Audits Banking CCPA CCSP CISA CISM CISSP Cloud Compliance Computer Science FinTech Governance IAM MacOS Monitoring NIST PCI DSS Privacy Risk assessment Risk management Security assessment SOC SOC 2 Threat intelligence Vulnerability management

Perks/benefits: Team events

Regions: Remote/Anywhere North America
Country: United States
Category: Leadership Jobs
