Senior Security Risk Analyst - Charlotte, NC
Charlotte, NC / Engineering / Full-time

Credit Karma is a mission-driven company, focused on championing financial progress for our more than 100 million members in the U.S., Canada and U.K. While we're best known for pioneering free credit scores, our members turn to us for tips as they work on their financial goals, including helping them monitor their credit, identity monitoring, searching for credit cards, shopping for loans (car, home and personal), filing their taxes with Credit Karma Tax and growing their savings* -- all for free. Credit Karma has grown significantly through the years: we've added more than 70 million members in the last five years alone and now have more than 1,100 employees across our offices in San Francisco, Charlotte, Los Angeles, Leeds, London and soon Oakland.

As a member of the Governance, Risk Management, & Compliance (GRC) team, you'll have the opportunity to advise on system implementations, product launches and other business initiatives. You will support compliance initiatives throughout a fast-paced, dynamic startup environment.

* Banking services provided by MVB Bank, Inc., Member FDIC

What you'll do:
- Develop and maintain information security policies, procedures, standards and guidelines based on methodologies and regulatory and legal compliance
- Evaluate security risk of vendors, partners, and Credit Karma business and technical processes.
- Ensure adequate and effective IT controls exist to meet applicable current and future security compliance requirements found in laws, regulations, and frameworks, such as SSAE 18 SOC I & II, ISO 27001/2, NIST/FedRAMP, etc.
- Advise on and help remediate internal controls related to IT, security, operations, and engineering.
- Work with internal stakeholders to complete internal audit requirements
- Work with external auditors to assist in the completion of annual compliance audits
- Assist with user access/identity management reviews from automated and manual systems
What's great about the role:
- If you are a self-starter, with an appetite to learn and play a vital role in the growth of our compliance team, then this role is for you
- You'll collaborate regularly with the operations, security, and development teams to complete a variety of engaging projects that assess enterprise technology risk
- You'll create, manage and conduct workforce information security
- Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe
- Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What we are looking for:
- B.S. degree required in Management Information Systems, Business or Accounting, or other related field
- 5+ years of professional experience in a technology risk or compliance related role
- 2+ years experience with one or more of the internal controls frameworks (NIST 800-53, CSF, DoD STIGs, SSAE 18 (SOC), ISO 27001, PCI)
- CISSP, CCSP, CISA, CRISC or other related technology governance certifications are a plus!
Credit Karma is committed to a diverse and inclusive work environment. We believe that such an environment advances long-term professional growth, creates a robust business, and supports our mission of championing financial progress for everyone. We offer generous benefits and perks with a single eye to nourishing an inclusive environment that recognizes the contributions of all and fosters diversity by supporting our internal Employee Resource Groups. We've worked hard to build an intensely collaborative and creative environment, a diverse and inclusive employee culture, and the opportunity for professional growth. As part of the Credit Karma team, your voice will be heard, your contributions will matter, and your unique background and experiences will be celebrated.

Credit Karma is also proud to be an Equal Opportunity Employer. We welcome all candidates without regard to race, color, religion, age, marital status, sex (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity or gender expression, national origin, veteran or military status, disability (physical or mental), genetic information, or any other protected characteristic. We prohibit discrimination of any kind and operate in compliance with the San Francisco Fair Chance Ordinance.