Cybersecurity Compliance Lead
18 hours ago
The Governance, Risk, and Compliance (GRC) team handles a wide range of cross-functional activities, from security compliance certifications and audits, to risk management, inbound and outbound due diligence, security awareness, policy and procedures, and more.
Each of these ongoing parallel activities entails interpreting and setting requirements, assessing the effectiveness of security controls, risk-based decision making, cross-functional collaboration and communication, and staying up-to-date on security best practices and how changes in the evolving threat landscape need to inform our strategy.
The Cybersecurity Compliance Lead is a hands-on, high-energy program leader who can operate independently in achieving our team objectives. The team’s primary objective is to assist in overseeing the Security Compliance program enterprise-wide.
**Responsibilities**
- Assess effectiveness, scalability and reliability of security controls and automate assessments in enterprise or cloud environments
- Monitor and ensure compliance with new regulatory requirements, information system security policy and procedures
- Manage security compliance programs and examinations while working to standardize and optimize controls and procedures across SoFi
- Define and execute existing or new compliance initiatives (SOC1, SOC2, ISO27001, PCI, FedRAMP)
- Assess and track compliance with regulatory and legal requirements relevant to the SoFi business, such as GLBA, FINRA, state cybersecurity requirements (e.g., NYDFS, Colorado Security Act, etc.) and contractual commitments
- Maintain security diligence programs for investors, partners, and prospective partners.
- Lead the escalation and resolution of risk and compliance issues with appropriate leadership cross-functionally
- Be metrics-driven: understand, develop and deliver meaningful risk-based operational metrics, dashboards and reports to a wide audience, demonstrating our current program state and adherence to frameworks and standards
**Minimum qualifications**
- BS degree in Computer Information Systems or related field
- 7+ years of experience with security-related regulatory compliance for financial services
- Strong leadership skills
- Experience managing PCI DSS, ISO 27001, SSAE18, or other compliance standards and framework programs
- Strong knowledge of security risk management and running audits/certification programs
- Knowledge of, or experience working with, Cloud technologies/environments, AWS or other related cloud experience
- Self-starter with strong interpersonal and communication skills
- Demonstrated ability to assimilate new knowledge quickly
- Comfortable working in a fast-paced, dynamic environment
**Preferred qualifications**
- Big 4, or management/IT consulting experience
- Relevant certification (e.g., CISA, CISSP) or equivalent expertise
- Have a detailed knowledge of NIST 800-53/800-37, CNSSI 1253, SOC1, SOC 2, PCI, or ISO 27001 standards and an understanding of evaluating the design and effectiveness of IT controls, working directly with auditors for these types of assessments
- Ability to review technical reports and provide risk mitigation solutions from activities such as Penetration Testing, Vulnerability
- Understanding of AWS cloud computing services/deployment architecture (IaaS, PaaS, SaaS) through experience in operating them or obtaining certifications
- Location: San José, San Jose
- Department: Recruiting
- Employment Type: Full-Time
- Minimum Experience: Manager/Supervisor
- Compensation: USD $
-
Cybersecurity Engineer I
18 hours ago
San José, Costa Rica · Emerson · Full-time
**Duties and Responsibilities** - Provide technical support for PWCS and Ovation software & hardware products. - Foster a positive environment for work and professional growth. - Work as a team player within the CCE to address basic customer cybersecurity questions and technical issues, and basic Ovation related inquiries. - Maintain or improve customer...
-
Cybersecurity Architect and a GRC Manager
6 days ago
San Pedro, Costa Rica · YNV Group · Full-time
Overview: Tek is seeking a highly skilled and experienced Cybersecurity Architect and GRC Manager with expertise in Governance, Risk, and Compliance (GRC) to join our dynamic team. The role revolves around offering expert guidance and support in cybersecurity architecture and Governance, Risk, and Compliance (GRC) as a service tailored to meet the unique...
-
Security Compliance Analyst
3 days ago
San José, Costa Rica · Equifax · Full-time
Equifax is where you can power your possible. If you want to achieve your true potential, chart new paths, develop new skills, collaborate with bright minds, and make a meaningful impact, we want to hear from you. **What you’ll do** - Working knowledge in relation to public cloud fundamentals, concepts and services and be able to analyze adherence to...
-
Senior Cybersecurity Compliance Analyst
3 days ago
San José, Costa Rica · L. L. Bean · Full-time
We invite you to be part of our team of trailblazers dedicated to helping people discover and enjoy the outside. Come join us. Because on the inside we’re all outsiders. And if it’s outside, we’re all in. Position Purpose: Independently plan, organize, conduct and formally report on the IS Security related audits. Assists IS Security management in...
-
Cybersecurity Vulnerability
18 hours ago
San José, Costa Rica · DXC Technology · Full-time
Our DXC Security services help customers assess risk and proactively address all facets of their security environment, from threat intelligence to compliance. We leverage proven methodologies, intelligent automation, and industry-leading partners to tailor security solutions to our customer’s unique business needs. **About this role** As a...
-
IT Compliance Lead
6 days ago
San José, Costa Rica · Cornerstone Building Brands · Full-time
Company Description: Cornerstone Building Brands is the largest manufacturer of exterior building products in North America, serving the commercial, residential repair and remodel markets. We are the #1 manufacturer of vinyl siding, windows and metal accessories, as well as North America's number one choice in metal roofing and wall systems. With a broad...
-
San José, Costa Rica · Microsoft · Full-time
Provides technical support to customers, partners, field engineers, and other product support personnel who are diagnosing, troubleshooting, repairing and debugging complex computer systems, complex software, or networked and/or wireless systems. Works with customers to review and resolve issues. Performs troubleshooting and related analyses; escalates...
-
Compliance Analyst
3 days ago
San José, San José, Costa Rica · Joby Aviation · Full-time
Joby Overview: Located in Northern California and multiple locations across the globe, the team at Joby Aviation is driven by our goal of creating an affordable, all-electric air transportation system. Avionyx S.A. is a software engineering services company based in Heredia, Costa Rica, fully owned by Joby Aviation. As an AS-9100D company and in business since...
-
Senior Cybersecurity Analyst
6 days ago
San José, Costa Rica · VS-Staffing · Full-time
We are looking for a **Senior Cybersecurity Analyst (Tier-2 SOC)** to support cyber defense operations in a multi-tenant Managed Detection and Response (MDR) environment. This position is focused on cybersecurity monitoring & analysis as part of a comprehensive Security Operations Center (SOC). **What You will do** Monitor and conduct analysis of security...
-
Cybersecurity Technical Support Engineer
1 week ago
San José, Costa Rica · Microsoft · Full-time
With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also...