Sr. GRC Security Analyst

Remote

Applications have closed

ABOUT OPORTUN

Oportun (Nasdaq: OPRT) is an A.I.-powered digital banking platform that seeks to make financial health effortless for anyone. Driven by a mission to provide inclusive and affordable financial services, Oportun helps its nearly 1.5 million hardworking members meet their daily borrowing, savings, banking, and investing needs. Since inception, Oportun has provided more than $12 billion in responsible and affordable credit, saved its members more than $2 billion in interest and fees, and automatically helped members set aside more than $7.2 billion for rainy days and other needs. In recognition of its responsibly designed products, Oportun has been certified as a Community Development Financial Institution (CDFI) since 2009.

 

With headquarters in California and a remote-first corporate culture, our 3,000+ team members work in Oportun locations and remotely throughout the United States, Mexico, and India.  Our global operations include our Mexico contact centers and administrative offices, our India technology development center, and our US corporate, technology, and retail operations.

 

We are proud to have been named a “Top Workplace” by the Bay Area News Group for three consecutive years, one of Fast Company’s Most Innovative Companies in the World for 2020 and recognized as one of TIME Magazine’s 2018 Genius Companies Reinventing the Future.

 

WORKING AT OPORTUN

Working at Oportun means enjoying a differentiated experience of being part of a team that fosters a diverse, equitable and inclusive culture where we all feel a sense of belonging and are encouraged to share our perspectives. This inclusive culture is directly connected to our organization's performance and ability to fulfill our mission of delivering affordable credit to those left out of the financial mainstream. We celebrate and nurture our inclusive culture through our employee resource groups and our Diversity, Equity, Inclusion and Belonging Council.

 

 

 

Position Overview

 

As a member of the Information Security Governance, Risk & Compliance (GRC) team at Oportun, the Security GRC Senior Analyst will identify, develop, implement, and maintain procedures, standards, and controls across the enterprise to govern the protection of enterprise information systems, networks, and data. The Information Security Risk Analyst will be responsible for assessing technology and security risks related to ongoing operations in a manner that is consistent with Oportun’s strategic goals, organizational objectives, and risk appetite. Responsibilities will include assessing information security risks, monitoring ongoing risks, creating and reporting on current status of information security risks, and contributing to strategic and tactical objectives aimed at reducing overall information security risk exposure. This is an individual contributor role with the option of being fully remote.

By joining Oportun, the firm will invest in your personal growth in the areas of technical aptitude, leadership skills, and business acumen. Analysts will work cross-functionally with business partners and key stakeholders to deliver clear recommendations and solutions that drive results. This is an exciting opportunity in an innovative organization where your contributions will have a meaningful impact on broadening access to financial products for consumers with little or no credit history.

 

Responsibilities

 

• Develop and implement information security programs and security control assessment strategies
• Responsible for creating and maintaining a risk register of cyber exceptions and vendor risk assessments for risk identification
• Write, manage, publish, and update all internal technical cyber governance documentation
• Responsible for conducting risk analyses and security evaluations of Oportun systems and processes
• Provides expertise for resolution and risk mitigation for identified risks
• Integrate risk assessment processes and output into Oportun’s Security Exception program
• Support the intake, triage, and processing of reported risks and identified gaps
• Develops, tracks, and reports on Key Risk Indicators (KRIs) for information security risks
• Monitors, tracks, and reports mitigation and resolution of information security risks
• Effectively communicate key risks, findings, and recommendations for improvement with key stakeholders
• Deliver customer-first solutions optimized for ServiceNow and Jira ticketing, with triage, streamlined response, and resolution measurement
• Manage security controls involving password and access management, segregation of duties, logging and monitoring, data encryption, data backup and recovery, disaster recovery, business continuity management, etc.
• Support cyber audit activities and management of cyber controls tools and platforms
• Provide and oversee the periodic reporting on information security risks and gaps for compliance with the enterprise information security policies, standards, and procedures among employees, contractors, alliances, and other third parties
• Ensure enterprise cybersecurity processes meet all industry regulations, standards, and compliance requirements

 

Qualifications

 

• 6+ years of Risk Management, Information Security, IT Auditing or equivalent experience
• 4+ years of producing Information Security Governance documentation, technical experience in the security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination of education and work experience
• 3+ years performing information security risk analyses and interfacing directly with security or technology teams
• Cloud Security certifications, hands-on infrastructure experience, basic scripting (Python) and automation experience a plus
• Bachelor’s degree / Graduate degree from an accredited institution in a field of study related to the role
• Demonstrates a strong understanding of the information security and IT environment and its impact on business risk
• Has a thorough knowledge of the broad aspects of information security, the CIS Controls Framework, and NIST CSF, and can apply that knowledge to solve problems
• Extensive experience conducting information security control assessments in domains such as Access Management, Application Security, Data Protection, Vulnerability Management, Network Security, Configuration Management, etc.
• Highly proficient in effectively communicating highly technical cybersecurity concepts to non-technical staff and stakeholders
• Excellent communication skills, strong interpersonal awareness, attention to detail, and the ability to foster cooperation and trust across groups
• Experience using JIRA, Confluence, and ServiceNow, including creating reports, charts and dashboards
• Proven experience with development and/or management of metrics and executive reporting
• Ability to multi-task in a fast-paced, cross-functional team environment and develop risk-related recommendations to challenges with limited guidelines
• Ability to use independent judgement to make sound decisions, adapt to and manage competing priorities and meet deadlines
• Strong verbal and written communication skills
• Rigorous attention to detail

We are proud to be an Equal Opportunity Employer and consider all qualified applicants for employment opportunities without regard to race, age, color, religion, gender, national origin, disability, sexual orientation, veteran status or any other category protected by the laws or regulations in the locations where we operate.
