Cybersecurity Risk Management Lead

June 18, 2022
San Francisco, CA

Who We Are

Shape a brighter financial future with us.

Together with our members, we’re changing the way people think about and interact with personal finance.

We’re a next-generation fintech company using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.

The Cybersecurity Governance, Risk, and Compliance (GRC) team handles a wide range of cross-functional activities, including security risk management, security policies and standards, inbound and outbound due diligence, third-party risk management, compliance certifications and audits, security awareness, and more.

Each of these ongoing parallel activities entails interpreting and setting requirements, risk-based decision making, cross-functional collaboration and communication, assessing the effectiveness of security controls, and staying up-to-date on security best practices and how changes in the evolving threat landscape need to inform our strategy.

We are seeking an experienced and driven Cybersecurity Risk Management Lead responsible for identifying, measuring, reporting, and treating cyber risks, both internally and externally with partners, vendors, and customers. This position will work cross-functionally to establish and mature the cybersecurity risk management program. This will be an individual-contributor role reporting to the Senior Manager of Cybersecurity Risk and Governance. This position requires a mix of business and technical understanding to connect with various internal and external partners.


  • Support the evolution of SoFi’s cyber risk management framework and processes.
  • Design and execute cyber risk assessments in alignment with regulatory requirements and industry best practices (e.g., FFIEC, NIST).
  • Define, manage, and lead the risk register, risk treatment, and risk reporting processes.
  • Identify, implement, and maintain policies, standards, and procedures required to protect SoFi’s information system assets.
  • Work with teams in operations, product security, and GRC to build security metric reporting and leadership dashboards to measure success of the cybersecurity risk program.
  • Identify opportunities to deploy standards and assessments to improve the security posture (e.g., FFIEC, NIST).
  • Assist in developing security and cyber risk management strategies, roadmaps, and project portfolio plans.

Minimum Qualifications

  • Bachelor’s Degree, Computer Science Degree or equivalent from a fully-accredited college or university
  • Minimum 7+ years of technology experience with a focus on cybersecurity, including governance and cyber risk management
  • Knowledge utilizing / assessing against common security and controls frameworks: NIST CSF, NIST 800-53, NIST 800-37, ISO27001 (or equivalent).
  • Experience performing cyber risk assessments, risk quantification, and risk prioritization.
  • Experience in establishing and operationalizing security metric and risk reporting programs.
  • Experience leading cyber risk management processes including risk register, treatment, and reporting.
  • Experience utilizing common risk management tools such as IBM OpenPages, OneTrust, MetricStream, Archer or similar.
  • Strong written and verbal communication skills, with an attention to detail and a sense of curiosity.
  • Self-starter with strong interpersonal and communication skills
  • Demonstrates ability to assimilate new knowledge
  • Ability to multitask, prioritize work, and meet deadlines in a fast-paced environment
  • Knowledge of, or experience working with, Cloud technologies/environments, AWS or other related cloud experience

Preferred Qualifications

  • MS in a technical field or equivalent experience
  • Experience working for a financial services and/or finance technology (FinTech) company
  • Big 4, or management/IT consulting experience
  • Security certifications e.g. CISSP, CISM or other relevant certifications
  • Experience assessing security in a cloud-hosted environment

Why You’ll Love Working Here

  • Competitive salary packages and bonuses
  • Comprehensive medical, dental, vision and life insurance benefits
  • Generous vacation and holidays
  • Paid parental leave for eligible employees
  • 401(k) and education on retirement planning
  • Tuition reimbursement on approved programs
  • Monthly contribution up to $200 to help you pay off your student loans
  • Great health & well-being benefits including: telehealth parental support, subsidized gym program
  • These benefits are only applicable to full time employees

SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.

The health and safety of our employees and their families is our top priority. Due to the ongoing nature of the COVID-19 pandemic, effective on November 1, 2021, U.S. employees must be fully vaccinated and boosted (when eligible) to work from any of our offices, travel for business or attend work-related meetings.

The company will make reasonable accommodations when possible for employees who are unable to be vaccinated because of a disability, pregnancy, sincerely held religious belief, or for other legally required reasons.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

New York applicants: Notice of Employee Rights

SoFi is committed to embracing diversity. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email [Click Here to Email Your Resumé].

Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.
