Senior Security GRC Manager - Remote

Get AI-powered advice on this job and more exclusive features.

Company Description
PayNearMe develops technology to facilitate the end-to-end customer payment experience, making it easy for businesses to accept, disburse and manage payments. Our modern and reliable platform lowers the total cost of payments by increasing acceptance rates, driving self-service and simplifying exceptions. We future-proof our clients’ payments roadmap by including all payment types and channels through a single contract and integration. With PayNearMe, businesses can transform the outdated systems holding them back from achieving progress. PayNearMe has over 200 employees, closed a $45M Series D round in June 2023 and is processing over billions in payments annually. We’re headquartered in Silicon Valley with our employees distributed all across the U.S. Help us solve our clients’ biggest payment problems.

Job Description
We are seeking a detail-oriented and proactive Sr. Security GRC Manager to join our team. This role is responsible for identifying, assessing, and mitigating information technology and information security risks. The Sr. Security GRC Manager will work closely with various departments to ensure compliance with industry standards and regulatory requirements, while also helping to protect the company’s information assets and maintain the integrity of our payment platform.

The Sr. Security GRC Manager will play a crucial role in safeguarding PayNearMe’s information assets and ensuring the security and integrity of our payment platform. By effectively managing IT/IS risks, the specialist will help maintain our company’s reputation for data safety and regulatory compliance, supporting our mission to provide secure and reliable payment solutions.

• Identify, assess, and mitigate information security risks across the organization.
• Maintain and execute a comprehensive IT/IS risk management program.
• Leverage, optimize, and automate GRC tools to enhance risk visibility and management.
• Conduct risk assessments to ensure compliance with industry standards and regulatory requirements.
• Collaborate with internal teams to implement risk mitigation strategies and controls.
• Monitor and analyze technology and security control effectiveness to identify risks and areas for improvement.
• Develop and maintain risk management policies, procedures, and documentation.
• Provide training and guidance to employees on IT/IS risk management best practices.
• Stay current with emerging trends and developments in IT/IS risk management.
• Provide actionable insights and recommendations in risk reports presented to senior management and stakeholders.

Qualifications

• 5+ years of experience implementing and managing IT/IS risk management frameworks (e.g. PCI-DSS, NIST, ISO27001, SOC2 CMMC, COSO ERM).
• Strong understanding of risk management principles, practices, and frameworks.
• Experience conducting assessments and control evaluation with information security regulations and industry standards (e.g. NIST, CIS, FFIEC Guidelines, PCI-DSS, SOC2).
• Proficiency with risk management tools and software (e.g. Anecdotes, Archer, ServiceNow, or equivalent platforms).
• Demonstrated experience in developing and implementing risk frameworks and conducting risk and control self-assessments (RCSA).
• Demonstrated ability applying GDPR, FedRAMP, and/or FFIEC Guidelines into a security risk framework.
• Proven skills in evaluating complex problems, identifying root causes, and developing effective, risk-minded solutions.
• Strong communication and interpersonal skills in fostering collaborative working relationships.
• Demonstrated capability to work autonomously on complex tasks, while contributing to the success of team and cross-functional objectives.
• Excellent organizational skills with a calculated approach to managing competing priorities, ensuring quality, and meeting deadlines.

Preferred Qualifications

• Relevant certifications (e.g., CRISC, CISSP, CISM, ITIL).
• Experience in the financial technology sector with a publicly traded company.
• Knowledge of cloud security and understanding of cloud platforms (e.g., AWS, Azure, Google Cloud).
• Familiarity with data protection laws and regulations (e.g., GDPR, CCPA, HIPAA).
• Bachelor’s degree in Computer Science, Information Security, Risk Management, or a related field, or equivalent hands-on experience managing IT/IS risk frameworks.

Benefits

• Base salary per year (paid semi-monthly).
• Fast-paced and professional work culture.
• Stock options with standard startup vesting - 1 year cliff; 4 years total.
• $50 monthly communication expense stipend to go towards your phone/internet bill.
• $250 stipend to enhance your WFH setup.
• Reimbursement for peripheral equipment: monitor (up to $400), keyboard and mouse (up to $200).
• Premium medical benefits including vision and dental (100% coverage for employees).
• Company-sponsored life and disability insurance.
• Paid parental bonding leave.
• Paid sick leave, jury duty, bereavement.
• 401k plan.
• Flexible Time Off (our team members typically take off ~3-4 weeks per year).
• Volunteer Time Off.
• 13 scheduled holidays.
• 4-6x / year in-person team meet-ups.

Salary Range: $140,000 - 180,000

PayNearMe strives to create a workplace where all employees thrive. We welcome candidates from all backgrounds, experiences, and perspectives. Our core values represent who we are today and we take pride in the way we work with each other as well as with our stakeholders. If you meet the majority of the qualifications and bring enthusiasm for the role, we encourage you to apply.

We’re in this together to do the right thing . We deliver real results we are proud of while remaining respectful , transparent , and flexible .

PayNearMe is an equal opportunity employer. We are diligently and thoughtfully working towards cultivating a diverse workforce which in turn, enhances our products and services for the communities we serve. Applicants who represent all backgrounds are strongly encouraged to apply.

Candidate information will be treated in accordance with our job applicant privacy notice found at:

Assistance for Disabled Applicants
Alternative formats of this Notice are available to individuals with a disability. Please let us know if you need assistance.

All your information will be kept confidential according to EEO guidelines.

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Information Technology