Manager, IT Security Compliance
Stash is on a mission to give the financial opportunity to all; we want to build financial systems that work for everyone—not just the wealthy. But that takes more than just a mission. It takes great people and an open, inclusive, and diverse environment where innovation and quality can thrive.
We are looking for a Manager, IT Security Compliance to join our team and protect our rapidly expanding organization. The Manager, IT Security Compliance will be responsible for planning, implementing and maintaining organizational-wide privacy, security, and compliance strategy for the protection of Stash. You’ll work closing with senior management across the firm to build a security posture that protects Stash customer’s information, the Stash platform and the organization at large.
What you’ll do:
- Develop the ongoing privacy, security, and compliance strategy and implementation plan to comply with PCI DSS, SOC2, ISO 27000 series, SOX, NYDFS, CCPA, and GDPR requirements
- Maintain Stash’s information security policies and procedures
- Design controls based on industry best practices and regulatory frameworks
- Assess and monitor the effectiveness of implemented controls, and document control deficiencies
- Track control remediation activities in coordination with business and technical stakeholders
- Lead internal and external compliance activities and audits related to privacy, security, and compliance
- Respond to client inquiries, complete security assessments, and review vendors security questionnaires
- Perform and lead risk assessments for Stash projects, acting as a consultant on security requirements
- Document privacy, security, and compliance risks and coordination with Enterprise Risk Management
- Compile weekly, monthly, quarterly, and annual reporting and metrics covering the current control set for reporting to Stash management
What’s Required:
- Bachelor’s degree or equivalent experience; minimum 6 years of experience in information security in Governance, Risk and Compliance (GRC) domain, and related compliance programs
- Prior experience with implementing and managing compliance programs such as PCI DSS, SOC2, ISO 27000 series, and/or GDPR
- Practical experience in security risk management including the conduct of control assessments, gap analysis, risk mitigation, and risk assessment methodologies.
- Program/project management experience and knowledge of best practices
- Experience with large scale cloud-based technical environments preferred
- Experience with GRC tool specifically ZenGRC, preferred
- CISA, CISM, CISSP, ITIL v3 or similar, preferred
- Automation or scripting experience a plus
#LI-JB1
At Stash it is our mission to help everyday Americans invest and build wealth. That includes people of all races, genders, and abilities, so it is important to us to acknowledge and address the issues of inequality in financial services head on.
Diversity and inclusion are essential to living our values, promoting innovation, and building the best products. Our success is directly related to our employees and we believe that our team should reflect the diversity of the customers that we serve. As an Equal Opportunity Employer, Stash is committed to building an inclusive environment for people of all backgrounds.
If you require any reasonable accommodations to make your application process more accessible please reach out to [email protected].
Invest in Yourself:
- Equity & Stash Accounts [Invest, Retire, Custodial, Bank]
- Flexible PTO
- Learning & Development Fund
- Work from Home Stipends
- Parental Leave [Primary & Secondary]
Recognition:
- BuiltIn’s Best Places to Work (2019, 2020, 2021)
- Forbes Fintech 50 (2019, 2020, 2021)
- Best Digital Bank, Finovate Awards (2020)
- Tearsheet Challenge Awards, Best Banking Card Product - Stock-Back® Card, 2020
- LendIt Fintech Innovator of the Year (2019 & 2020)
**No recruiters, please**