Summary
Join One's mission to help customers achieve financial progress as a GRC Engineer (Cloud & Application Security). Define and implement One's Information Security program, design and execute risk management processes, and ensure compliance with security frameworks.
Requirements
- 5+ years of experience in security governance, cloud and application security assessments, risk management, and/or third-party risk
- Strong knowledge of various industry-standard frameworks such as NIST, FFIEC, SOC 2, PCI DSS, HiTrust, etc.
- Thorough knowledge of enterprise-scale security architecture, cloud security, and application security best practices
- Domain knowledge of multiple disciplines including IT systems, networking, security, and compliance
- Familiarity with containerization technologies (e.g., Docker, Kubernetes) and CI/CD pipelines
- Excellent written and verbal communication skills, with the ability to convey technical concepts to both technical and non-technical audiences
- Strong analytical and problem-solving skills with the ability to work independently and as part of a team
Responsibilities
- Proactively evaluate the security configurations of One's applications and AWS services
- Determine detailed remediation plans and steps for security gaps, and work independently or in conjunction with stakeholders to resolve such gaps
- Define, publish, and maintain company-wide security standards and requirements based on industry best practices
- Perform in-depth security assessments of third-party hosted applications and systems
- Collaborate with team members on performing security reviews on new product features, system architectures, and business processes
- Support ongoing information security audit initiatives and compliance projects with the team
- Provide guidance and training to internal One teams on overall information security
- Engage with both technology and business teams as a consultant for any security-related issues that affect One's product features and offering
Benefits
- Competitive cash
- Benefits effective on day one
- Early access to a high potential, high growth fintech
- Generous stock option packages in an early-stage startup
- Remote friendly (anywhere in the US) and office friendly - you pick the schedule
- Flexible time off programs - vacation, sick, paid parental leave, and paid caregiver leave
- 401(k) plan with match