Governance, Risk, and Compliance Engineer, Cloud and Application Security

Summary

Join One's mission to help customers achieve financial progress as a GRC Engineer (Cloud & Application Security). Define and implement One's Information Security program, design and execute risk management processes, and ensure compliance with security frameworks.

Requirements

• 5+ years of experience in security governance, cloud and application security assessments, risk management, and/or third party risk
• Strong knowledge of various industry standard frameworks such as NIST, FFIEC, SOC 2, PCI DSS, HiTrust, etc
• Thorough knowledge of enterprise-scale security architecture, cloud security, and application security best practices
• Domain knowledge of multiple disciplines including IT systems, networking, security, and compliance
• Familiarity with containerization technologies (e.g., Docker, Kubernetes) and CI/CD pipelines
• Excellent written and verbal communication skills, with the ability to convey technical concepts to both technical and non-technical audiences
• Strong analytical and problem-solving skills with the ability to work independently and as part of a team

Responsibilities

• Proactively evaluate the security configurations of One’s applications and AWS services
• Determine detailed remediation plans and steps for security gaps, and work independently or in conjunction with stakeholders to resolve such gaps
• Define, publish, and maintain company-wide security standards and requirements based on industry best practices
• Perform in-depth security assessments of third party hosted applications and systems
• Collaborate with team members on performing security reviews on new product features, system architectures, and business processes
• Support ongoing information security audit initiatives and compliance projects with the team
• Share guidance and training to internal One teams on overall information security
• Engage with both technology and business teams as a consultant for any security-related issues that affect One’s product features and offering

Benefits

• Competitive cash
• Benefits effective on day one
• Early access to a high potential, high growth fintech
• Generous stock option packages in an early-stage startup
• Remote friendly (anywhere in the US) and office friendly - you pick the schedule
• Flexible time off programs - vacation, sick, paid parental leave, and paid caregiver leave
• 401(k) plan with match