Senior GRC Analyst

Summary

Join Prosper as a detail-oriented Security Compliance professional to support and enhance our Governance, Risk, and Compliance (GRC) program. You will execute various security compliance initiatives, including PCI DSS, NIST-based risk assessments, and security audits. Leverage your strong communication and analytical skills to identify and report on security control gaps. This role involves collaborating with stakeholders, conducting security awareness training, and overseeing user access reviews. We seek a self-driven individual passionate about FinTech and improving customer financial well-being. Prosper offers a competitive salary, flexible time off, comprehensive health coverage, and various other benefits.

Requirements

• B.S. degree in Information Systems, Computer Science, or any technology-related field
• 5-7 years of GRC experience auditing internal controls and recommending process improvements
• Very high attention to detail, high integrity, and a good understanding of business risk
• Basic knowledge in auditing security technologies such as firewalls, IDS, DLP, Vulnerability Scans, Windows Servers, Applications, etc
• Ability to work independently to achieve objectives and deliver results
• Experience in security standards/frameworks such as PCI-DSS, NIST, SOC 2 II, etc
• Ability to clearly articulate ideas, work effectively and strategically collaborate cross functionally with internal stakeholders

Responsibilities

• Review, audit, and monitor security compliance programs against security policies, standards, and frameworks such as PCI-DSS, NIST CSF-171, SOC1 II, etc
• Perform annual risk assessment and monitor the progress of remediation efforts
• Perform security and privacy assessments of Prosper’s vendors and partners
• Assist in documenting and maintaining the security control matrix, and the risk register
• Support the management of security documentation such as policies, standards, processes, procedures, and data flows
• Oversee quarterly user access reviews
• Oversee users access to systems and applications
• Lead evidence collection for external audits related to SOC1, PCI-DSS, etc
• Perform PCI readiness assessments and support external PCI Level 1 assessment
• Build and cultivate positive working relationships with stakeholders across various teams
• Conduct security awareness training and phishing campaigns

Preferred Qualifications

• Prior experience working at SaaS, Fintech or Cloud company
• CISSP, CISA, CISM, or similar security certification
• Cloud security compliance experience

Benefits

• Flexible time off
• Comprehensive health coverage
• Competitive salary
• Paid parental leave
• Wellness benefits including access to mental health resources, virtual HIIT and yoga workouts
• Udemy access
• Childcare assistance
• Pet insurance discounts
• Legal assistance
• Additional discounts
• Bonus