Summary
Join Oportun's team and enjoy a differentiated experience of being part of a diverse, equitable, and inclusive culture where you feel a sense of belonging and are encouraged to share your perspectives. As the Security Policy Manager, you will have two principal responsibilities: management and maintenance of all policies, standards, and procedures related to technology and cyber security, and building security education materials and demonstrating workforce engagement.
Requirements
- 7+ years of proven technical writing and data and technology governance management
- Proficient in style guidelines for user interface and ability to enhance the overall user experience by providing clear and concise information
- Excellent written and verbal communication skills, strong interpersonal skills and the ability to partner with developers, engineers, SMEs and cross-functional teams to translate technical concepts for all audiences
- Highly motivated self-starter with meticulous attention to detail and time management skills
- Demonstrated experience working with content management tools such as SharePoint, Confluence, and standard MS Office tools (e.g., Word, Excel, PowerPoint)
- Ability to learn complex concepts quickly and explain them clearly to end users and technical audiences
- Familiarity with IT/security control frameworks (e.g., SOC 2, NIST CSF 2.0, PCI 4.0+, FFIEC CAT), and relevant professional standards and regulations
- Experience with common GRC solutions
- BA/BS degree in Computer Science or a related field, or relevant professional experience
Responsibilities
- Develop and maintain information security policies, standards, and procedures, in alignment with company requirements, making recommendations and driving changes as needed
- Effectively facilitate discovery meetings with technical leads to understand documentation requirements about system processes/procedures and translate technical information into well-organized and concise content
- Maintain continual awareness of developments and incorporate industry best practices and regulatory guidelines including but not limited to FFIEC, NIST CSF 2.0, FTC, and PCI
- Develop an intimate understanding of Oportun's technology and security processes, tools, and specifics of homegrown systems
- Review content to ensure that it is presented in an engaging manner with relevant industry examples and use cases while ensuring the quality, accuracy, and time to deliver
- Proactively seek continuous improvement opportunities in process/policies/standards
- Develop metrics and dashboards to track program effectiveness and maturity
- Develop and maintain security education materials including annual awareness training program, secure developer training, and more informal learning opportunities upon request from various leaders
- Ensure preservation of required compliance artifacts such as document approvals and participation in mandatory trainings