DESCRIPTION:

CreditNinja is a FinTech company founded in 2017 by veteran serial entrepreneurs who were part of the core team behind Enova (NYSE:ENVA), a leading publicly traded consumer financial services company. CreditNinja's mission is to provide hard working Americans with financial solutions when unexpected expenses arise. Unlike traditional banks, CreditNinja works hard to ensure that people with less-than-perfect credit can have quick access to the money they need. Headquartered in downtown Chicago, we are a lean and innovative team seeking like-minded talent to help us disrupt the consumer finance industry.

JOB SUMMARY:

CreditNinja is seeking an Information Security Compliance Program Manager who will report directly to the Chief Information Security Officer. This individual will be responsible for all aspects of the company’s information security program including the maintenance of security policies, risk assessments, requirements, processes, and associated reviews. This individual will oversee and execute the company’s information security calendar of events and will help to identify, assess, control and manage cyber risk throughout the Ninja platform of products. This position will be based at CreditNinja headquarters in Chicago, IL, or can be located in our Miami, FL office, or remote work may also be considered. This is an exciting and rare opportunity to join a well-capitalized startup on the ground floor and help drive our success. 

 

KEY RESPONSIBILITIES:

  • Ensure that our Information Security Program meets all industry regulations, standards, and compliance requirements. 

  • Create a metrics framework that can effectively measure and communicate the impact of the program. 

  • Conduct regular information security program activities including risk assessment, BCP/DR exercises, internal reviews and audits, asset management exercises, etc. 

  • Respond to information security diligence requests

  • Support annual PCI compliance SAQ requirements 

  • Liaison SOC2 audit requirements

  • Conduct evaluations of technology procedures and processes to assess effectiveness of controls as well as to ensure alignment with business objectives and security requirements.

  • Will work closely with members of the technology, operational and compliance teams as it relates to the assessment of new and evolving threats, as well as emerging and core technologies that support key processes.

 

REQUIREMENTS:

  • Broad experience and a strong understanding of security concepts. 

  • Ability to communicate complex messages in a simple, clear and concise manner within the organization

  • Experience with information security management programs and their various components

  • Ability to write and document findings in a clear and concise manner that allows for risk prioritization

  • Familiarity and ability to use technology based tools such as JIRA/Confluence, Sisense, etc.  

  • Comfort and ability to present to senior management

  • Must be able to demonstrate business, technical and industry knowledge while assessing business risks, identifying key controls, and performing risk-based testing of technology controls. 

  • Familiarity with PCI and SOC 2 requirements, and FFIEC cybersecurity guidance.

NICE-TO-HAVES:

  • Personal interest in the financial services and/or fintech space

  • SQL query writer

 

BENEFITS:

  • Competitive salary and benefits package, including material equity grant

  • Casual dress policy

  • Fun, fast-paced work environment

  • Dynamic start-up culture

  • Ability to make an immediate impact in a growth stage company

  • Convenient downtown Chicago office located in the heart of the city

  • Equal opportunity employer