Cybersecurity Compliance Lead, Security Compliance

The Cybersecurity Compliance Lead is a hands-on and high energy program leader who can operate independently in achieving our team objectives. The team’s primary objective is to assist in overseeing the Security Compliance program enterprise wide.

The successful candidate will bring vision to the role and will have expertise in cloud technologies/environments, AWS or other related cloud experience, and testing security efficiency. The Cybesecurity Compliance Lead will quickly establish multi-functional relationships with colleagues to become a trusted resource for our Engineering, Product Delivery, TechOps, Compliance and Risk Teams, while also maintaining a hands-on role in proposing solutions/controls and crafting specifications for those teams.


  • Apply a working knowledge of information security regulation and policy to articulate customer and control impact and drive alignment to SoFi’s integrated control framework
  • Partner with security engineering, architecture and application development teams to deploy preventative and detective controls against our cybersecurity policies and standards to achieve continuous compliance
  • Assess effectiveness, scalability and reliability of security controls and automate assessments in enterprise or cloud environments
  • Monitor and ensure compliance with new regulatory requirements, information system security policy and procedures
  • Manage security compliance programs and examinations while working to standardize and optimize controls and procedures across SoFi
  • Liaise with auditors, articulate control implementation and impact, and describe considerations for applying security and compliance concepts to a technical cloud environment
  • Define and execute existing or new compliance initiatives (SOC1, SOC2, ISO27001,PCI, FedRamp)
  • Assess and track compliance with regulatory and legal requirements relevant to the SoFi business such as GLBA, FINRA, State
  • Cybersecurity requirements (i.e. NYDFS, Colorado Security Act etc..) and contractual commitments
  • Maintain security diligence programs for investors, partners, and prospective partners.
  • Lead the escalation and resolution of risk and compliance issues with appropriate leadership cross functionally
  • Metrics driven, understands, develops and delivers meaningful risk-based operational metrics, dashboards and reports to a wide audience demonstrating our current program state and adherence to frameworks and standards


Minimum Education Level: Bachelor's

Minimum Qualifications

  • BS degree in Computer Information Systems or related field
  • 7+ years of experience with security-related regulatory compliance for financial services
  • Strong leadership skills
  • Experience managing PCI DSS, ISO 27001, SSAE18, or other compliance standards and framework programs
  • Strong knowledge of security risk management and running audits/certification programs
  • Knowledge of, or experience working with, Cloud technologies/environments, AWS or other related cloud experience
  • Self-starter with strong interpersonal and communication skills
  • Demonstrate ability to assimilate new knowledge quickly
  • Comfortable working in a fast-paced, dynamic environment

Preferred Qualifications

    • Big 4, or management/IT consulting experience
    • Relevant certification (e.g. CISA, CISSP) or equivalent expertise
    • Have a detailed knowledge of NIST 800-53/800-37, CNSSI 1253, SOC1, SOC 2, PCI, or ISO 27001 standards and understanding of evaluating the design and effectiveness of IT controls working directly with auditors for these types of assessments
    • Ability to review technical reports and provide risk mitigation solutions from activities such as Penetration Testing, Vulnerability
    • Management, Wi-Fi testing and/or web-based application assessments
    • Understanding of AWS cloud computing services/deployment architecture (IaaS, PaaS, SaaS) through experience in operating them or obtaining certifications
    • Have experience in performing technical assessments and audits of network, operating systems, application
Posted: March 7, 2022
<< Back to Job-Board