Security GRC Manager

Security GRC Manager

Credit Genie is a mobile-first financial wellness platform designed to help individuals take control of their financial future. We leverage artificial intelligence to provide personalized insights and are building a financial ecosystem by offering tools and services that provide instant access to cash, and building credit. Our goal is to empower every customer to achieve long-term financial stability.

Founded in 2019 by Ed Harycki, former Swift Capital Founder (acquired by PayPal in 2017). Backed by Khosla Ventures and led by industry pioneers from companies such as; PayPal, Square, and Cash App, we are well positioned to build the future of inclusive finance through cutting-edge technology and customer-centric solutions.

We are seeking a Security GRC Manager to lead our security governance, risk, and compliance program in a fast-paced fintech environment. This role is responsible for ensuring our security posture aligns with regulatory requirements, industry standards, and business objectives while enabling innovation and growth.

You will partner closely with Engineering, Product, IT, Legal, and Compliance teams to design scalable security controls that support a highly regulated financial ecosystem.

What You'll Do

• Develop, maintain, and enforce information security policies, standards, and procedures
• Align security governance with frameworks such as NIST CSF, ISO 27001, SOC 2, and PCI DSS
• Establish security metrics and reporting for leadership and board-level visibility

• Lead enterprise risk assessments, including company security risk profile and third-party risk evaluations
• Maintain and evolve a security risk register, including tracking and remediation efforts
• Partner with Engineering and IT to prioritize and mitigate security risks across systems and infrastructure

• Own and manage security and privacy compliance obligations (e.g., SOC 2 Type II, PCI DSS, GLBA, FFIEC)
• Coordinate internal and external audits, including evidence collection and auditor engagement
• Monitor regulatory changes in the areas of security and privacy that impact the company, and ensure continuous compliance

• Implement and manage third-party risk management (TPRM) processes
• Conduct outbound security due diligence of vendors and partners
• Support inbound security due diligence from vendors, partners, and investors
• Track ongoing vendor compliance and risk posture

• Lead company-wide security awareness programs
• Promote a culture of security across technical and non-technical teams

• Work with Legal, Compliance, and Privacy teams on regulatory obligations and data protection
• Support incident response from a compliance and reporting perspective
• Provide guidance during product development to ensure secure-by-design practices
• Provide support to Product, Engineering, and IT regarding security best practices and compliance obligations

Requirements

• 5–8+ years in information security, with a focus on security risk and compliance
• Experience in fintech, banking, payments, or other regulated industries
• Strong knowledge of frameworks (e.g., SOC 2, ISO 27001, NIST CSF, PCI DSS, CIS CSC)
• Experience managing audits and working with external auditors (SOC 2 and/or PCI DSS)
• Familiarity with U.S. regulatory requirements (e.g., GLBA, FFIEC guidance)
• Excellent communication skills, including executive-level reporting

Nice to Have

• Certifications such as CISSP, CISM, CRISC, or CISA
• Experience with cloud environments (AWS)
• Knowledge of privacy regulations (e.g., CCPA, CPRA)
• Experience building or scaling security GRC programs in a high-growth company
• Familiarity with compliance automation platforms such as Vanta

What Success Looks Like

• Clean audit results with minimal findings
• A mature, scalable GRC program aligned with business growth
• Clear visibility into risk posture across the organization
• Strong partnerships with Engineering, Product, IT Compliance, Legal, and Leadership

Benefits and Perks

Our goal is to provide a comprehensive offering of benefits and perks that promote better financial, mental, and physical wellness.

We believe working alongside each other in person is the best way to build a great product and foster a strong company culture. Our expectation is that employees are in the office five days a week, allowing for optimal collaboration, inclusivity, and productivity. At the same time, we understand that life happens and recognize the importance of flexibility. We are committed to supporting our employees when circumstances arise that require remote work or adjusted schedules. Our goal is to ensure everyone can effectively balance personal and professional responsibilities while maintaining our collaborative and productive environment.

Here are some highlights of our benefits and perks offerings, feel free to ask your recruiting partner for more details on our comprehensive offering for employees.

• 100% company-paid medical, dental, and vision coverage for you and your dependents on your first day of employment.
• Receive up to $100 per month in fitness reimbursement or enjoy a complimentary full membership to LifeTime Fitness or Equinox.
• 401(k) with a 3.5% match and immediate vesting
• Meal program available for both lunch and dinner
• Pre-tax benefits, including a $1,000 HSA match
• Life and accidental insurance
• Flexible PTO

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, and experience. Base salary is just one part of your total compensation and rewards package at Credit Genie. You may also be eligible to participate in the bonus and equity programs. You will also have access to comprehensive medical, vision, and dental coverage, a 401(k) retirement plan with company match, short & long term disability insurance, life insurance, and flexible PTO along with many other benefits and perks.

Credit Genie is a proud Equal Opportunity Employer where we welcome and celebrate differences. We are committed to providing a workspace that is safe and inclusive, where everyone feels supported, connected, and inspired to do their best work. If you require any accommodations to participate in our recruitment process, please inform us of your needs when we contact you to schedule an interview.