Security Risk Governance Analyst

About the Role

You are a fearless, seasoned security professional with an interest in new and emerging technology. You can work on tight deadlines with little guidance and are well versed in risk, security, and controls. You can get to the root of a problem and you are familiar with frameworks such as SOC2, ISO27001, and PCI-DSS.  You are adept at documenting vendor reviews, procedures, and exceptions in a rapidly-changing company environment, and are comfortable leading risk workshops, vendor interviews, and managing reviews and assessments through to completion.

The base salary offered for this role and level of experience will begin at $106,300 and up to $147,600. Full-time employees are also eligible for a bonus, competitive equity package, and benefits. The actual base salary offered may be higher, depending on your location, skills, qualifications, and experience.

In this role, you can expect to

• Deliver high-quality third party security reviews and evidence
• Due diligence request
• Ongoing monitoring
• Help drive joint Security, Risk, and Compliance initiatives
• PCI-DSS compliance
• SOC2 and ISO27001 certifications
• Conduct risk assessments, gap analyses, and controls testing for critical areas
• Help define KPIs, KRIs, and dashboards for reporting to management
• Develop or source training content and ensure training of employees and contractors using a learning management system (LMS)
• Create operational runbooks and establish security baselines and standards
• Cross-collaborate to formalize the Security Architecture Review process with Security Engineering, Application, and Infrastructure Security

To thrive in this role, you have

• Experience conducting third party audits, risk assessments, and controls testing
• Experience using a vulnerability management tool and managing risk exceptions
• The ability to document procedures and runbooks for the security program
• Experience in a position focused primarily on information security and/or security program management
• Familiarity with frameworks like SOC2, NIST 800/NIST CSF, ISO 27001, and PCI-DSS
• A security certification such as CISSP, CISA, CISM or equivalent
• Cloud AWS/GCP experience is a plus

A little about us

We created Chime because we believe everyone deserves financial peace of mind. By eliminating unnecessary fees and helping people grow their savings automatically, we’ve empowered millions of Americans to take control of their finances.

Chime is the largest and fastest-growing U.S. player in the challenger-banking space. Through our banking partners, we offer access to bank accounts with fee-free overdraft, provide members the chance to receive early access to their paychecks, help them improve their credit, and more!

We’ve built one of the most experienced leadership teams in Fintech and were recently valued at over $25.5B. We’ve raised over $1.7B in funding from leading investors including Sequoia Capital Global Equities, SoftBank Vision Fund 2, General Atlantic, Tiger Global, Dragoneer, DST, Coatue, Iconiq, Menlo Ventures and others.

What we offer

• 💰 Competitive salary based on experience
• ✨ 401k match plus the usual medical, dental, vision, life, and disability benefits
• 🏝 Generous vacation policy and company-wide Take Care of Yourself Days
• 🖥  Virtual events to connect with your fellow Chimers- think cooking classes, music festivals, mixology classes, paint nights, etc., and delicious snack boxes, too!
• 💚  A challenging and fulfilling opportunity to join one of the most experienced teams in FinTech and help create a completely new kind of banking service

We know that great work comes from great, and inclusive teams. At Chime, we specifically look for individuals of varying strengths, skills, backgrounds, and ideas. We believe this gives us a competitive advantage to better serve our members and helps us all grow as Chimers and individuals.

We hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Chime is proud to be an Equal Opportunity Employer and will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance. If you have a disability or special need that requires accommodation, please let us know. To learn more about how Chime collects and uses your personal information during the application process, please see the Chime Applicant Privacy Notice.