Prosper Marketplace is hiring a
Sr. Manager Governance Risk Compliance

Summary

Join Prosper as a GRC Senior Manager to oversee security and compliance functions, interface with all departments, and drive the GRC practice. Ideal candidate has 4+ years of direct management experience, 10+ years of IT compliance and risk management expertise, excellent communication skills, experience with cloud environments, project management skills, ability to work with technical and non-technical resources, self-direction, and preferred certifications such as CISSP, CISA, or CRISC. Remote work is available.

Requirements

• 4+ years of direct management experience
• 10+ years of progressive and demonstrated expertise in IT compliance and risk management (PCI-DSS, SOC 1/2, NIST CSF, etc.)
• Excellent written, verbal communication skills. Ability to tailor communication style to audience at hand
• Experience with cloud environments
• Excellent project management and process improvement skills
• Ability to effectively work with technical and non-technical resources
• Self-directed, works with minimal guidance, and recognizes when guidance needed

Responsibilities

• Develop Prosper’s GRC strategy and manage the day-to-day governance activities related to risk, control, and compliance management
• Establish KPIs and metrics to demonstrate effectiveness of the GRC program and report risk
• Lead the PCI-DSS compliance assessment (readiness along with the external attestation)
• Own the Risk Management Program, planning and coordinating the execution of risk assessments (NIST CSF, CIS), monitoring of emerging risks, and maintenance of the risk register
• Lead cross-functionally to maintain compliance certifications such as SOC1/SOC2 Type II, and other external IT audits
• Drive remediation of process and control deficiencies and improvements identified internally and externally
• Lead third-party cyber risk assessment/re-assessment tasks; overall responsible for vendor cybersecurity reviews
• Lead the Security Awareness Program (routine phishing simulation campaigns, security awareness trainings, newsletters, etc.)
• Take ownership of documentation processes; assist with the development and maintenance of policies, guidelines, standards, and processes
• Interface with both technical (Engineering, Technical Operations) and non technical (HR, Legal, Compliance) teams
• Build and automate processes to simplify and maintain continuous compliance over the technology environment
• Communicate, develop, and foster strong, collaborative relationships with stakeholders across all levels of the organization
• Assist with responding to privacy and security compliance requests from regulators, partners, and vendors
• Lead a team of senior GRC analysts
• Support the preparation of regular and ad-hoc risk reports for ERM governance, boards, and other relevant stakeholders

Preferred Qualifications

• Experience with CCPA preferred
• CISSP, CISA, or CRISC (or similar) certifications preferred

Benefits

• $180,000 - $247,000 a year
• Compensation details: The salary for this position is $180,000 - $247,000 annually, plus bonus and generous benefits