Information Security Compliance Program Manager

  • $134k-$231k
  • Remote - United States
  • Category: Cybersecurity
  • Level: Manager

Job description


Who we are:

Welcoming, collaborative, and offering the opportunity to make an impact: that is how our employees describe working here. Galileo is a financial technology company that provides innovative software products and services that power some of the world’s largest Fintechs. We are the only payments innovator that applies tech and engineering capabilities to empower Fintechs and financial institutions to unleash their full creativity and achieve their most inspired goals. Galileo leads its industry with superior fraud detection, security, decision-making analytics and regulatory compliance functionality, combined with customized, responsive and flexible programs that accelerate the success of payments companies and solve tomorrow’s payments challenges today. We hire energetic and creative employees and give them the opportunity to excel in their careers and make a difference for our clients. Learn more about us and why we work here at https://www.galileo-ft.com/working-at-galileo.

About The Role

The Governance, Risk, and Compliance (GRC) team handles a wide range of cross-functional activities, from security compliance certifications and audits, to risk management, inbound and outbound due diligence, third party risk management, security awareness, policy and procedures, and more.

Each of these ongoing parallel activities entails interpreting and setting requirements, assessing the effectiveness of security controls, risk-based decision making, cross-functional collaboration and communication, and staying up-to-date on security best practices and how changes in the evolving threat landscape need to inform our strategy.

We are seeking an experienced Security Compliance Program Manager responsible for monitoring and governing security controls in the cloud against regulatory/compliance requirements and industry standards. Candidates must be able to assimilate knowledge quickly, understand stakeholders’ business challenges and risks, and act as a trusted advisor who leads change, drives policy adoption, and monitors compliance against policies and standards.

Key job responsibilities:

  • Own and manage ongoing cybersecurity audits and assessments including SOC 2, GLBA, NYDFS, SOX, and other regulatory or client-driven reviews

  • Serve as the primary liaison between internal stakeholders (e.g. Cybersecurity, Technology, Internal Audit, HR, Legal) and external auditors, regulators, and third-party assessors

  • Monitor compliance with cybersecurity policies and standards and assess security compliance risks for bank-scoped products, processes and technologies

  • Partner with stakeholders to conduct walkthroughs and create process maps for critical cybersecurity processes, facilitating risk and control identification and ensuring the environment operates safely and under control

  • Translate technical controls and requirements into audit-ready evidence, and work with technical teams to align implementations with compliance expectations

  • Support audit-readiness activities for regulatory examinations, third-party attestations, and Internal Audit, ensuring control design and operating effectiveness meet internal policy and external regulatory standards

  • Communicate clearly and effectively with both technical and non-technical audiences, including executives, control owners, and external assessors

Minimum qualifications

  • BS degree in Computer Information Systems or related field

  • 7+ years of experience with security GRC initiatives

  • Experience with regulatory cybersecurity compliance examinations

  • Substantive and current knowledge of transaction banking compliance, consumer and commercial lending, deposit, wires, cards and privacy regulations applicable to banks

  • Experience with onboarding and monitoring cybersecurity controls in cloud environments specifically AWS

  • Experience managing SOC 2, PCI DSS, SOX ITGC, GLBA or other compliance standards and framework programs

  • Strong knowledge of security risk management and running audits/certification programs

  • Self-starter with strong interpersonal and communication skills

  • Demonstrated ability to assimilate new knowledge quickly

  • Comfortable working in a fast-paced, dynamic environment, and managing multiple projects concurrently

  • Experience with managing programs in GRC tools

Preferred qualifications

  • Banking/Fintech, Big 4, or management/IT consulting experience

  • Direct experience with regulatory cybersecurity compliance examinations

  • Relevant certification (e.g. CISA, CISSP, PCI QSA, AWS certifications) or equivalent expertise

  • Knowledge of the FedLine Solutions Security and Resiliency Assurance Program, NIST SP 800-53, NIST SP 800-37, NIST CSF, SOC 2, PCI DSS, NYDFS 23 NYCRR Part 500 and/or ISO 27001, integrated controls frameworks, and evaluating the design and operating effectiveness of IT controls while working directly with auditors, regulators, and investors

  • Experience in building successful compliance programs for banks or fintech

  • Experience defining compliance roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule

  • Technical fluency; comfortable understanding and discussing technology concepts, experience evaluating tradeoffs and new opportunities with technical team members

Compensation and Benefits

The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.

This role may also be eligible for a bonus and/or long term incentives. Your recruiter will provide more information to you. All roles are eligible for competitive benefits. More information about our employee benefits can be found in the link below.

Benefits

To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi & Galileo page!

US-Based Base Compensation

$134,400—$231,000 USD

Galileo Financial Technologies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.

The Company hires the best qualified candidate for the job, without regard to protected characteristics.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

New York applicants: Notice of Employee Rights

Galileo is committed to embracing diversity. As part of this commitment, Galileo offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email [email protected].

Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.

Internal Employees

If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.
