Lendistry is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, or membership in any other group protected by federal, state, or local law.
If you need assistance or accommodation due to a disability, you may contact us at hr@lendistry.com
Lendistry does not accept unsolicited resumes from recruiters, employment agencies, or staffing firms. To conduct business with Lendistry, a Master Services Agreement (MSA) must be executed and confirmed prior to submitting any information relating to a potential candidate. Without a signed MSA, Lendistry shall not be responsible to any individual or entity for any payment relating to any form of fee or compensation.
And, in the event that a resume or candidate is submitted by a recruiter, an employment agency, or a staffing firm without a fully executed MSA, Lendistry has the unrestricted right to pursue and hire any of those candidate(s) without any legal or financial responsibility to the recruiter, agency, and/or firm.
This position is based onsite at our Los Angeles, CA location. Candidates must be able to work in-office as part of the role’s regular schedule.
A Day in the Life
The GRC Incident Manager leads the organization’s security and operational incident response function while supporting the GRC program that keeps the company audit-ready. This role owns incident command from detection through resolution, directs cross-functional response across Security, Engineering, IT, Legal, Compliance, Communications, Facilities, HR, and Executive Leadership, and translates each incident into measurable improvement through KPIs, after-action documentation, and updated controls. The role also supports ongoing compliance obligations (SOC 2, GLBA Safeguards Rule, ISO/IEC 27001) so that incident response and compliance posture reinforce each other rather than operating as separate functions.
Lendistry: Who We Are
We’re proud to be the nation’s largest minority-led, tech-savvy lender for small businesses and commercial real estate. As a certified Community Development Financial Institution (CDFI) and Community Development Entity (CDE), our mission is all about creating economic opportunities and fueling growth for small business owners and their communities. Join us as we pave the way with innovative financing and financial education!
What You’ll Be Doing
Incident Command & Crisis Leadership
- Serve as Incident Commander for security and operational incidents, holding full command and control over response activities.
- Build, execute, and maintain Incident Action Plans (IAPs) that give each response a clear structure, owner, and timeline.
- Make time-sensitive decisions under pressure, weighing safety, regulatory exposure, and business continuity.
- Lead post-incident reviews and drive corrective actions through to closure.
- Run tabletop exercises and simulations to pressure-test playbooks and team readiness.
Physical Security Operations
- Manage physical security incidents, including unauthorized access, safety threats, and facility disruptions.
- Coordinate with Facilities, HR, Legal, and local authorities as needed during physical security events.
- Ensure physical security controls align with cybersecurity, business continuity, and compliance programs.
Cross-Functional Collaboration
- Act as the central point of coordination between technical responders and non-technical stakeholders during an incident.
- Direct and coordinate Security Operations, Engineering, IT, Legal, Compliance, Communications, and Executive Leadership throughout the incident lifecycle.
- Engage external parties — law enforcement, emergency services, regulators, and vendors — when an incident requires it.
- Partner with Security, Engineering, and Compliance to keep response playbooks and escalation paths current.
Compliance Management
- Support the SOC 2 compliance program (Type I and Type II) — assisting with control ownership, evidence collection, auditor coordination, and remediation tracking.
- Support alignment with ISO/IEC 27001, including risk assessments, Statement of Applicability support, and control mapping.
- Support GLBA Safeguards Rule obligations, including related vendor oversight and risk documentation.
- Conduct periodic risk assessments and control-effectiveness reviews across people, process, and technology.
- Support regulator, auditor, and customer due-diligence requests.
KPIs & Metrics
- Define and track incident response metrics (e.g., time to detect, time to contain, time to resolve, recurrence rate) to measure program maturity.
- Develop compliance KPIs (control exceptions, remediation aging, audit findings closure rate) for leadership reporting.
- Use trend data from incidents and audits to prioritize control investment and process changes.
- Report metrics and program status to Executive Leadership on a recurring cadence.
Documentation
- Maintain incident response plans, IAP templates, and after-action reports.
- Maintain GRC documentation — policies, standards, procedures, and the risk register — under a continuous-compliance model.
- Document control evidence, audit responses, and remediation records to support SOC 2, ISO 27001, and GLBA audits.
- Keep playbooks, escalation matrices, and contact trees current and accessible.
Your Areas of Knowledge and Expertise
- 3–5 years of experience in incident response, GRC, or risk management, preferably in a regulated environment such as fintech or financial services.
- Direct experience serving as Incident Commander or in a comparable incident leadership role, including running IAPs and post-incident reviews.
- Familiarity with SOC 2 and GLBA Safeguards Rule compliance programs; working knowledge of ISO/IEC 27001.
- Experience building and tracking KPIs/metrics for incident response and compliance programs.
- Strong written documentation skills; comfortable producing audit-ready records under time pressure.
- Professional certifications such as ICS-100/200 preferred.
- Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent experience/certifications.
Why You'll Love Working Here:
- Comprehensive Medical, Dental, and Vision Insurance
- Generous Paid Time Off
- Birthday Day Off
- 12 Paid Company Holidays
- 401(k) Match
- FSA and HSA
- Paid Life Insurance
- Paid Disability Insurance
- Pet Insurance
- Employee Assistance Program (EAP)
- Professional Development Courses
- In-Office Snacks and Drinks Provided
- Gym Facilities (LA & Tustin/CEC Offices)
- In-Office Engagement Activities
Compensation Range
The US base salary range for this full-time position is $118,300-$136,300 annually.
Our salary ranges are determined by role, level, and location.
The range displayed on each job posting reflects the minimum and maximum base salary for new hires for the position across all US locations. Within the range, individual pay is determined by multiple factors like job-related skills, experience, and state of residence. Your recruiter can share more about the specific salary range during the interview process.
Please note that the compensation details listed in US role postings reflect the base salary only, and do not include any variable compensation elements.
Physical Requirements
This is a stationary position that requires frequent sitting (approximately 95%), repetitive wrist motions, grasping, speaking, listening, close vision, and the ability to adjust focus. It may also require occasional standing, lifting and carrying of 20 lbs or less, walking, kneeling, bending/stooping, twisting, pulling/pushing, and reaching above the shoulder. Employees in this position must be physically able to efficiently perform the essential functions of the position.
ACKNOWLEDGEMENT
B.S.D. Capital, Inc. dba Lendistry is an equal employment opportunity employer committed to providing its employees, applicants and other covered persons with equal opportunities without regard to race, color, age (40 or older), religious creed (including religious belief, practice or dress and grooming practices), national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender (including pregnancy, childbirth or medical condition related to pregnancy or childbirth), gender expression, gender identity, sexual orientation, military or veteran status (including past, current or prospective service), or any other characteristic protected under applicable federal, state or local law.