Security Compliance Analyst at Bread
Bread is a technology company that aims to transform the world of paper credit card applications and hidden interest rates by providing leading point-of-sale financing options for merchants across the e-commerce journey. We build tools, technologies and APIs that allow merchants to integrate an installment loan financing and checkout experience anywhere in their customers’ shopping journey. Bread was started in 2015 by financial technology veterans, and has experienced explosive growth to date. We’re backed by top investors including Menlo Ventures, Bessemer Venture Partners, Kinnevik, among others.
Bread is looking to hire a Security Compliance Analyst to help support our risk and compliance program. This role is critical to Bread’s core business of offering transparent financial products for merchants and consumers, while maintaining the trust and confidence of our customers that we will protect their privacy and personal information. You’ll be supporting a robust, secure and compliant data regime to protect both the company and customers’ assets, while fostering a culture of security and compliance with the various department leaders throughout the organization.
What you will do:
- Participate in and support Bread’s portfolio of audits and certifications related to data security and compliance: SOC 1, SOC 2, ISO 27001, PCI-DSS, FFIEC, etc.
- Respond thoroughly to due diligence questionnaires from our partner banks, enterprise customers, strategic partners, and other key enablers
- Conduct Bread’s ongoing vendor management and due diligence process
- Implement procedures for robust internal compliance, auditing, monitoring and functioning
- Work closely with Bread’s technology and legal teams to operate and develop our information security and compliance framework
- Be the face of Bread to critical outside stakeholders in matters of information security and compliance
- Liaise with external auditors, assessors, and regulators, which may include providing audit evidence
What we are looking for:
- Bachelor's degree in computer science, management information systems, or a related discipline
- 2-4 years of experience supporting regulated compliance or information security efforts
- Understanding of compliance standards and frameworks including SOC 1 (SSAE 18), SOC 2/3 (Trust Services Principles), ISO (27001, 27017), FFIEC, and PCI-DSS
- Broad-based experience working in IT compliance for a large enterprise or in a highly regulated environment
- Project or program management experience
- Curiosity and a love of reading, i.e., the ability and enthusiasm to read through a new revision of a relevant compliance standard or a lengthy vendor SOC 2 report
- Strong technical skills and understanding of modern cloud hosting technologies
- Proven ability to collaborate cross-functionally and desire to work closely with other members of the team
- You love to create a solid infrastructure for departmental growth, but are excited to roll up your sleeves and execute as needed
- Already hold, or are looking to obtain, one or more of the following certifications: CISA, Security+, CISM, CISSP, ISO 27001 Lead Auditor, PCI-ISA, PCI-QSA