The Cybersecurity Compliance Lead is a hands-on, high-energy program leader who can operate independently in achieving our team objectives. The team's primary objective is to assist in overseeing the Security Compliance program enterprise-wide.
The successful candidate will bring vision to the role and will have expertise in cloud technologies/environments, AWS or other related cloud experience, and testing security efficiency. The Cybersecurity Compliance Lead will quickly establish multi-functional relationships with colleagues to become a trusted resource for our Engineering, Product Delivery, TechOps, Compliance and Risk Teams, while also maintaining a hands-on role in proposing solutions/controls and crafting specifications for those teams.
- Apply a working knowledge of information security regulation and policy to articulate customer and control impact and drive alignment to SoFi’s integrated control framework
- Partner with security engineering, architecture and application development teams to deploy preventative and detective controls against our cybersecurity policies and standards to achieve continuous compliance
- Assess effectiveness, scalability and reliability of security controls and automate assessments in enterprise or cloud environments
- Monitor and ensure compliance with new regulatory requirements, information system security policy and procedures
- Manage security compliance programs and examinations while working to standardize and optimize controls and procedures across SoFi
- Liaise with auditors, articulate control implementation and impact, and describe considerations for applying security and compliance concepts to a technical cloud environment
- Define and execute existing or new compliance initiatives (SOC1, SOC2, ISO27001, PCI, FedRAMP)
- Assess and track compliance with regulatory and legal requirements relevant to the SoFi business such as GLBA, FINRA, State Cybersecurity requirements (i.e. NYDFS, Colorado Security Act, etc.) and contractual commitments
- Maintain security diligence programs for investors, partners, and prospective partners.
- Lead the escalation and resolution of risk and compliance issues with appropriate leadership cross-functionally
- Metrics-driven: understands, develops and delivers meaningful risk-based operational metrics, dashboards and reports to a wide audience demonstrating our current program state and adherence to frameworks and standards