Senior Manager, Information Security Risk & Governance

What you get to do:

We are looking for a passionate, mission-driven Information Security governance manager to join our expanding Information Security team. You will lead and manage the process and tools for Information Security & Risk Management, and process IT due diligence requests and ensure compliance to policies, procedures and regulations. You will also work with important partners in Technology, Compliance, Internal Audit, and Legal to review and provide security guidance on current and new processes, maintain evidence and artifacts for all audits.

• Work with CISO to develop information security program and security control assessment strategy
• Run the information security risk management process. Be the primary point of security risk management activities, including analyzing, quantifying, and tracking identified information security risks and reviewing and documenting risk exception requests
• Identify and analyze new requirements for policy impacts; develop policies, procedures, standards and guidelines.
• Ensure compliance with established IT policies and procedures by examining IT records, reports, operating practices, and documentation
• Manage and track cybersecurity audit engagements, due diligence activities, and vendor security reviews; Use working knowledge of information security best practices to ensure IT controls are in place to meet our external audit and client requirements
• Create dynamic dashboards and scorecard for visibility of Information Security Governance activities
• Develop mandatory enterprise cybersecurity awareness training program
• Coach a team of 3-4 information Security analysts

What you bring to the team:

• A degree in Information Technology/Computer Information Systems or related field.
• Background in Information Security, IT Risk Management, or IT Audit
• Experience with security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, ISO control framework
• Minimum ten (10) years of experience in Information Technology compliance programs to meet regulatory or compliance requirements with at least two years of management experience
• Experience identifying potential IT controls risks, issues and opportunities through and offering sustainable recommendations that address cause rather than symptoms
• Experience with information security standards, best practices for securing computer systems within applicable laws and regulations

Reports to: Chief Information Security Officer

Total Rewards and Benefits:

The starting base salary for this position is $125,000 per year. The actual offer, reflecting the total compensation package and benefits, will be at the company’s sole discretion and determined by a myriad of factors including, but not limited to, years of experience, depth of experience, and other relevant business considerations. The total compensation package includes eligibility and potential for performance-based bonuses as well as equity grants dependent upon the role and job level. 

OppFi offers a flexible, remote environment, 401(k) matching program, and generous paid time off. Other benefits include medical, dental, and vision coverage, and tuition reimbursement. There are also additional benefits including DoorDash DashPass, Figo pet insurance, Rocket Lawyer, and access to LinkedIn Learning. OppFi also offers Fringe, which is a lifestyle benefits platform that allows employees decide how to spend rewards from dozens of vendors like Uber, DoorDash, and UrbanSitter. #LI-Remote