Operational Risk Manager

Greater NYC Area | Hybrid
Sorry, this job was removed at 11:15 a.m. (EST) on Thursday, November 15, 2018

Stash is a digital-first financial services company committed to making saving and investing accessible to everyone. At Stash, our engineers don’t just develop software, they break down barriers and build transparent, technology-driven products that help the 99% build smarter financial habits so they can confidently save more, grow wealth, and enjoy life.

Reporting to our Director of Information Security, the Operational Risk Manager will be responsible for the execution of Stash’s enterprise-wide Information Technology Compliance and Risk Management programs. In this role, you'll provide subject matter expertise with regard to information technology governance, risk management, and compliance (GRC) initiatives.

This hire will also provide guidance to key stakeholders on adherence to and implementation of security controls and assess and improve vendor risk management processes. If you have strong analytical skills, can multi-task, work with a multitude of internal stakeholders and thrive in a culture of collaboration -- Stash is looking for you!

What you'll do:

  • Direct the testing, maintenance, and improvement of internal security controls that align to PCI-DSS, SOC 2, NIST 800-53, ISO 27001 and CIS CSC
  • Coordinate 3rd party audits for PCI-DSS & SOC 2
  • Assess compliance with other regulatory and legal requirements related to Stash’s business as applicable
  • Develop and own the technological aspects of GRC projects from beginning to end with minimal supervision
  • Assist Stash’s Compliance department in developing features and functionality to assess and track compliance with regulatory and legal requirements relevant to Stash’s business, continually enhancing our control environment, including in response to new regulatory requirements
  • Test and maintain privacy incident response procedures
  • Test and maintain information security and privacy policies
  • Ensure ongoing compliance with third party information security requirements
  • Develop, maintain and automate compliance reporting and dashboards to communicate organization-wide adherence to frameworks and standards as well as program status
  • Work closely with Head of Legal and Compliance and Director of Information Security and collaborate with multiple other departments to drive overall program success and articulate control requirements and associated risks to a diverse audience

What we're looking for:

  • 6+ years of prior information security GRC experience in consumer financial services or fintech
  • Prior experience with and knowledge of fintech or cloud native service organizations using the following services and techniques: Docker, AWS Elastic Container Service, Continuous Delivery / Continuous Integration deployment, infrastructure as code and mobile application development
  • Extensive knowledge of the financial services industry as it relates to information security GRC and privacy operations, and regulations including SSAE18 SOC1/SOC2, NIST and PCI
  • Experience with implementing CIS Critical Security Controls framework
  • Experience conducting risk assessments and risk remediation projects in large scale organizations
  • Ability to communicate compliance requirements for consumption by software development and product management teams
  • Ability to design and implement reporting solutions that achieve “continuous compliance”
  • Ability to work independently and remain team-oriented
  • Knowledge of the current information security GRC risk management technology/vendors on the market
  • Excellent interpersonal skills
  • Top-notch organization and project management skills
  • Excellent written and verbal communication skills
  • Ability to adapt to change and new challenges

Gold Stars:

  • Big 4 accounting firm, or management/IT consulting experience.
  • Computer Science, Information Security Engineering or Automation Engineering experience.
  • CISSP, CISM or similar certification.

Location

We offer employees the choice and flexibility to work where they want, from anywhere in the US or UK. We offer stipends to make home offices productive and, for those who don't live near our NYC and London offices, to secure space when they want it.
