Sunbit

Security GRC Specialist

Sorry, this job was removed at 03:02 p.m. (PST) on Tuesday, Oct 22, 2024
Los Angeles, CA

JOB TITLE: Security GRC Specialist

LOCATION: Remote

REPORTS TO: CISO

The Company:

Sunbit builds financial technology for real life. Our technology eases the stress of paying for life’s expenses by giving people more options on how and when they pay. Founded in 2016, Sunbit offers a next-generation, no-fee credit card that can be managed through a powerful mobile app, as well as a point-of-sale payment option available at more than 21,000 service locations, including 1 in 3 auto dealerships, optical practices, dentist offices, veterinary clinics, and specialty healthcare services. By introducing a flexible way to pay over time, we are proud of our ability to lift up service providers and retailers while helping consumers when necessary expenses arise... regardless of whether they were expected or unexpected. Sunbit was included on the 2022 and 2023 Inc. 5000 list. The financial technology company has also been named as a Most Loved Workplace®, Best Point of Sale Company, and as a Top Fintech Startup by CB Insights. We use cutting-edge innovations in financial technology to bring leading data and features that allow individuals to be qualified instantly, making purchases at the point-of-sale fast, fair and easy for consumers from all walks of life. We create value focused on our core values; we work tirelessly to ensure that Sunbit becomes available to everyone, everywhere.

Sunbit is proud to be recognized on the CB Insights List of Unicorn Companies, with a valuation of $1.1B (https://www.cbinsights.com/research-unicorn-companies)

The Role: 

We seek a Cybersecurity GRC & Project Management Specialist to join our growing team. In this role, you will be pivotal in safeguarding our company's data and systems, ensuring compliance with industry regulations, and fostering a security-conscious environment.

Requirements

What You’ll Own:

  • Governance, Risk, and Compliance (GRC):
      • Maintain and extend our comprehensive cybersecurity program aligned with industry best practices and regulatory requirements (e.g., PCI DSS, SOC 2).
      • Establish and maintain a risk management framework to identify, assess, and prioritize cybersecurity risks.
      • Develop and maintain our security policies, procedures, and standards.
      • Manage and track cybersecurity risks, conduct threat assessments, and implement controls to mitigate risks.
      • Stay abreast of evolving regulations and industry standards, such as PCI DSS, SOC 2, GDPR, and HIPAA, and translate these requirements into actionable security practices for Sunbit.
      • Oversee internal audits and compliance assessments.
  • Security Vendor Risk Management:
      • Evaluate and manage the security posture of third-party vendors, ensuring they adhere to Sunbit's security standards.
      • Develop and implement processes for vendor onboarding, risk assessment, and ongoing monitoring.
  • Security Awareness:
      • Design and deliver engaging security awareness training programs for employees at all levels.
      • Develop and maintain security awareness materials, such as newsletters, phishing simulations, and security posters.
  • Security Project Management:
      • Manage and oversee the implementation of security projects, ensuring they are completed on time, within budget, and meet project goals.
      • Work with cross-functional teams to prioritize and execute security initiatives.

What You Bring To The Table: 

  • Minimum 5 years of experience in cybersecurity, preferably within the financial services industry.
  • Strong understanding of cybersecurity frameworks (e.g., NIST CSF, PCI DSS, SOC 2).
  • Experience with security risk management, vendor risk management, and security awareness programs.
  • Proven project management skills, including experience with project planning, execution, and monitoring.
  • Excellent communication, collaboration, and interpersonal skills.
  • Ability to work independently and as part of a team.

The Perks:

  • Join one of LA’s fastest growing startups (2023), A Most Loved Workplace, #576 on the 2023 Inc 5000 list, and Forbes Fintech 50 (2024) 
  • Mission driven + empowered + collaborative
  • Competitive pay and stock options
  • Unlimited PTO
  • Health Insurance options including Medical, Dental, Vision, Life, EAP, FSA, & Maternity Leave
  • Newly added HSA and Pet Insurance
  • 401K Plan with Matching 
  • Cell Phone Stipend 
  • Casual Dress
  • Open door policy / Open office floor plan
  • Team based strategic planning + Team owned deliverables

Core Competencies for Success in Role – fit for Sunbit in role

  • Serve others before self - Enhance customer and colleague security by implementing robust measures and providing effective security training programs.
  • Own the impact - Ensure the effectiveness of security policies and procedures, manage risks, conduct assessments, and maintain regulatory compliance.
  • Connect genuinely - Build strong relationships with team members and vendors, communicate security risks clearly, and deliver engaging awareness programs.
  • Act fast - Respond quickly to security threats and vulnerabilities, and manage security projects efficiently to ensure timely compliance with regulations.
  • Include always - Involve all employees in security initiatives, making cybersecurity a collective responsibility.
  • Innovate for good - Use cutting-edge technologies and best practices to continuously improve Sunbit's cybersecurity measures and protect customer data.

Sunbit is an Equal Opportunity Employer. We strive to provide a professional & welcoming workplace for all employees.

HQ

Sunbit Los Angeles, California, USA Office

10940 Wilshire Blvd., Los Angeles, CA, United States, 90024
