Information Security Analyst
Helping the Everyday Consumer Build Financial Health
OppFi is a leading financial technology platform that powers banks to offer accessible products and a top-rated experience to everyday consumers. Through our unwavering commitment to customer service, OppFi helps consumers who are turned away by traditional providers build a better financial path. OppFi has been an Inc. 5000 company for five straight years, is a Deloitte Technology Fast 500™ company, and was named the seventh fastest-growing Chicagoland company by Crain's Chicago Business. The company was also named to Forbes' 2021 list of America's Best Startup Employers and Built In's 2021 Best Places to Work in Chicago.
OppFi is a team of caring and innovative individuals with diverse perspectives and backgrounds. Our employees approach every new challenge with an unparalleled ability to see what could be rather than settle for what is. We want people to be excited to come to work every day and know they are a part of making a difference. Our company values guide us and create an open and collaborative culture where we hold the door, say what we see, do what we say, and dare to win together!
What you get to do:
The senior application security engineer coordinates with partners to implement solutions that protect the company, its systems and data, and to ensure the organization's technology ecosystem is designed in line with industry best security practices and company policy. You will work with IT staff to improve the security of products and services, and design technical solutions to address security weaknesses.
If you enjoy analyzing system services, spotting issues in code, networks and applications from a security perspective, and are able to recognize security issues that appear under new threat scenarios, then the application security engineer role is for you.
You will administer the process and tools for Information Security & Risk Management, process IT due diligence requests, and ensure compliance with policies, procedures and regulations. You will also work with partners in Technology, Compliance, Internal Audit, and Legal to review and provide security guidance on current and new processes, and maintain evidence and artifacts for all audits.
If you have expertise in IT Security, Governance, Risk, and Compliance and are looking to join a goal-focused organization that is transforming the FinTech space, this role is a great fit for you.
- Support information security risk management activities, including analyzing, quantifying, and tracking identified information security risks as well as reviewing, documenting, and tracking risk exception requests.
- Work with partners in IT, Compliance, Internal Audit, and Legal to review and provide security guidance on current and new processes, and maintain evidence and artifacts for all audits.
- Identify and analyze new requirements for policy impacts; develop and update policies, procedures, standards and guidelines.
- Be the primary point of security risk management activities, including analyzing, quantifying, and tracking identified information security risks and reviewing, documenting, and tracking risk exception requests.
- Manage vendor risk through RFI engagement, contract review and the administration of an RCSA framework.
- Organize and track cybersecurity audit engagements and due diligence activities. Use working knowledge of information security best practices to ensure IT controls are in place to meet our external audit and client requirements.
- Recommend improvements to the company's information systems control environment, risk management and IT audit process to reduce duplicate audit requests and minimize Process Owner dependency to obtain control evidence.
- Work with the Technology Process Owners to create, modify, validate, and decommission policies / procedures.
- Ensure compliance with established IT policies and procedures by examining IT records, reports, operating practices, and documentation.
- Create dynamic dashboards and scorecards for visibility of Information Security Governance activities.
What you bring to the team:
- Background in Information Security, IT Risk Management, or IT Audit
- Minimum four years of experience supporting Information Technology compliance programs to meet regulatory or compliance requirements
- Strong understanding of security and control frameworks, such as the FFIEC, NIST, COBIT, ITIL, and ISO control frameworks
- Proven experience in identifying potential IT controls risks, issues and opportunities through and offering sustainable recommendations that address root cause rather than symptoms
- Solid understanding of information security standards, best practices for securing computer systems within applicable laws and regulations
- Experience working in a regulated industry (financial services or health care).
Define your career at OppFi
OppFi is committed to providing an exceptional employee experience that allows you to define your career and purpose with us. New team members go through orientation, shadow programs, a new hire lunch with our CEO, Jared Kaplan, and you can participate in different company culture events focused on diversity, equity, and inclusion. Our team has designed programs to make you feel welcome and part of our team during your first year and beyond.
- Define the mission (days 1-30): You will understand our company mission, values, and vision, and how your role at OppLoans plays a part in that.
- Define your goals (months 1-3): You will be able to understand your role expectations and identify goals with your manager and mentor(s) to fulfill those expectations.
- Define your belonging (months 3-6): You will understand OppFi's culture and have opportunities to engage with and impact that culture. Business Resource Groups and other programs are offered to help with community connection both virtually and in-person.
- Define your journey (6 months - 1 year): You will feel confident in your abilities to execute in your role and know the next step you will take to develop your career.
Compensation and Benefits
OppFi offers a flexible remote environment, 401(k) matching program, and flexible paid vacation. Other benefits include medical benefits, dental and vision coverage, and tuition reimbursement. To support your wellness & growth, we provide monthly meditation and yoga classes and access to all LinkedIn Learning courses. We also offer Fringe, which is a lifestyle benefits platform that lets you decide how you want to spend your rewards from dozens of vendors like Uber, Doordash and Urban Sitter. Dress code is casual.
EEOC Statement:
We do not discriminate based on identity - race, color, religion, national origin or ancestry, sex (including sexual identity), age, physical or mental disability, pregnancy, veteran or military status, unfavorable discharge from military service, genetic information, sexual orientation, marital status, order of protection status, citizenship status, arrest record or expunged/sealed convictions, or any other legally recognized protected basis under federal, state, or local law.
OppFi is committed to the full inclusion of all qualified individuals. As part of this commitment, OppFi will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact our People team at [email protected].
Pursuant to the requirements of the California Consumer Privacy Act, OppLoans is providing the "OppLoans California Employee Privacy Policy", which details the categories of personal information collected and your rights under the policy. If you are a California resident, please review the policy here: https://www.opploans.com/careers/