Program Manager - Security Compliance
Cottonwood Heights, Utah, Remote
Who we are:
Shape a brighter financial future with us.
Together with our members, we’re changing the way people think about and interact with personal finance.
We’re a next-generation fintech company using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.
The Governance, Risk, and Compliance (GRC) team handles a wide range of cross-functional activities, from security compliance certifications and audits to risk management, inbound and outbound due diligence, third-party risk management, security awareness, policies and procedures, PCI DSS and other standards compliance, and much more.
Each of these ongoing parallel activities entails interpreting and setting requirements, assessing the effectiveness of security controls, risk-based decision making, cross-functional collaboration and communication, and staying up-to-date on security best practices and how changes in the evolving threat landscape need to inform our strategy.
We are seeking an experienced Security Compliance Manager responsible for overseeing the organization's compliance with the Payment Card Industry Data Security Standard (PCI DSS). This is an individual contributor role that ensures all required processes, procedures, and controls are implemented and maintained to protect cardholder data and keep us in ongoing compliance with PCI DSS requirements.
- Develop and maintain the organization's PCI DSS compliance roadmap
- Partner with stakeholders and cross-functional partners to identify, document, and communicate project/program scope, schedule, risks, and issues
- Serve as the primary point of contact for PCI Qualified Security Assessors (QSAs), Approved Scanning Vendors (ASVs), and relevant external partners
- Be the subject matter expert for PCI DSS compliance across SoFi
PCI Security assessments:
- Coordinate PCI DSS annual assessments, vulnerability scans, and penetration testing with various internal and external stakeholders
- Perform ongoing compliance checks to ensure continuous compliance
- Facilitate code reviews, architecture reviews, API security reviews, and third-party reviews with engineering and security teams for the PCI-scoped environment
- Lead PCI governance for the cardholder data environment
- Collect, prioritize, track, and drive issues to resolution/closure
Policy and Procedure Development:
- Collaborate with relevant departments to maintain and update PCI DSS-compliant policies, controls, and procedures
- Regularly review and update the organization's policies and procedures to ensure ongoing compliance
Training and Awareness:
- Conduct PCI DSS awareness and training sessions for staff
- Ensure all relevant personnel are aware of PCI DSS requirements as they pertain to their roles
- Identify potential areas of compliance vulnerability and risk
- Develop and implement corrective action plans for resolution of problematic issues
- Provide guidance on risk mitigation techniques related to PCI DSS
- Assist with any potential cardholder data breaches or incidents, ensuring they are appropriately addressed, documented, and reported in accordance with PCI DSS requirements
- Provide regular updates to leadership on the status of PCI DSS compliance, including any potential risks or issues
- Stay updated on changes to the PCI DSS and related industry best practices
- Recommend improvements to enhance the security posture and efficiency of the organization's PCI program
Qualifications:
- Minimum of 7 years of experience in PCI DSS compliance, preferably in a similar role
- Strong understanding of information security principles, best practices, and the PCI DSS
- Excellent organizational and technical program management skills
- Strong interpersonal and communication skills
- Experience assessing security in a cloud-hosted environment
- Experience managing SOC 2, PCI DSS, SOX ITGC, GLBA, or other compliance standards and framework programs
- Demonstrated ability to assimilate new knowledge quickly
- Comfortable working in a fast-paced, dynamic environment, and managing multiple projects concurrently
- MS in a technical field or equivalent experience
- Relevant certifications such as Qualified Security Assessor (QSA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), PCI Professional (PCIP), AWS Certified Solutions Architect - Associate, or AWS Certified Security - Specialty
- Experience with network and firewall reviews, review of technical flows and architecture diagrams, data classification, SIEM logging tools, cloud security posture management, compliance scanning solutions, vulnerability scanners, and data security posture management
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
SoFi is committed to embracing diversity. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email email@example.com.
Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.