Manager, IT Security Compliance
US Based Remote
Stash
Invest and build wealth with Stash, the investing app helping over 6M Americans invest and save for the future. Start investing in stocks, ETFs and more today. Stash is on a mission to give financial opportunity to all; we want to build financial systems that work for everyone, not just the wealthy. But that takes more than just a mission. It takes great people and an open, inclusive, and diverse environment where innovation and quality can thrive.
We are looking for a Manager, IT Security Compliance to join our team and protect our rapidly expanding organization. The Manager, IT Security Compliance will be responsible for planning, implementing and maintaining an organization-wide privacy, security, and compliance strategy for the protection of Stash. You’ll work closely with senior management across the firm to build a security posture that protects Stash customers’ information, the Stash platform and the organization at large.
What you’ll do:
- Develop the ongoing privacy, security, and compliance strategy and implementation plan to comply with PCI DSS, SOC2, ISO 27000 series, SOX, NYDFS, CCPA, and GDPR requirements
- Maintain Stash’s information security policies and procedures
- Design controls based on industry best practices and regulatory frameworks
- Assess and monitor the effectiveness of implemented controls, and document control deficiencies
- Track control remediation activities in coordination with business and technical stakeholders
- Lead internal and external compliance activities and audits related to privacy, security, and compliance
- Respond to client inquiries, complete security assessments, and review vendors’ security questionnaires
- Perform and lead risk assessments for Stash projects, acting as a consultant on security requirements
- Document privacy, security, and compliance risks and coordinate with Enterprise Risk Management
- Compile weekly, monthly, quarterly, and annual reporting and metrics covering the current control set for reporting to Stash management
What’s Required:
- Bachelor’s degree or equivalent experience; minimum 6 years of experience in information security in Governance, Risk and Compliance (GRC) domain, and related compliance programs
- Prior experience with implementing and managing compliance programs such as PCI DSS, SOC2, ISO 27000 series, and/or GDPR
- Practical experience in security risk management including the conduct of control assessments, gap analysis, risk mitigation, and risk assessment methodologies
- Program/project management experience and knowledge of best practices
- Experience with large scale cloud-based technical environments preferred
- Experience with GRC tools, specifically ZenGRC, preferred
- CISA, CISM, CISSP, ITIL v3 or similar, preferred
- Automation or scripting experience a plus
At Stash it is our mission to help everyday Americans invest and build wealth. That includes people of all races, genders, and abilities, so it is important to us to acknowledge and address the issues of inequality in financial services head on.
Diversity and inclusion are essential to living our values, promoting innovation, and building the best products. Our success is directly related to our employees and we believe that our team should reflect the diversity of the customers that we serve. As an Equal Opportunity Employer, Stash is committed to building an inclusive environment for people of all backgrounds.
If you require any reasonable accommodations to make your application process more accessible please reach out to recruiting@Stash.com.
Invest in Yourself:
- Equity & Stash Accounts [Invest, Retire, Custodial, Bank]
- Flexible PTO
- Learning & Development Fund
- Work from Home Stipends
- Parental Leave [Primary & Secondary]
Recognition:
- BuiltIn’s Best Places to Work (2019, 2020, 2021)
- Forbes Fintech 50 (2019, 2020, 2021)
- Best Digital Bank, Finovate Awards (2020)
- Tearsheet Challenge Awards, Best Banking Card Product - Stock-Back® Card, 2020
- LendIt Fintech Innovator of the Year (2019 & 2020)
**No recruiters, please**
This position may be performed remotely anywhere within the United States except the State of Colorado.
Tags: Audits Automation Banking CCPA CISA CISM CISSP Cloud Compliance FinTech GDPR Governance ISO 27000 ITIL PCI DSS Privacy Risk assessment Risk management Scripting Security assessment SOC 2 Strategy
Perks/benefits: Career development Equity Flex vacation Parental leave Team events