DESCRIPTION:
CreditNinja is a FinTech company founded in 2017 by veteran serial entrepreneurs who were part of the core team behind Enova (NYSE:ENVA), a leading publicly traded consumer financial services company. CreditNinja's mission is to provide hard working Americans with financial solutions when unexpected expenses arise. Unlike traditional banks, CreditNinja works hard to ensure that people with less-than-perfect credit can have quick access to the money they need. Headquartered in downtown Chicago, we are a lean and innovative team seeking like-minded talent to help us disrupt the consumer finance industry.
JOB SUMMARY:
CreditNinja is seeking an Information Security Compliance Program Manager who will report directly to the Chief Information Security Officer. This individual will be responsible for all aspects of the company’s information security program including the maintenance of security policies, risk assessments, requirements, processes, and associated reviews. This individual will oversee and execute the company’s information security calendar of events and will help to identify, assess, control and manage cyber risk throughout the Ninja platform of products. This position will be based at CreditNinja headquarters in Chicago, IL, or can be located in our Miami, FL office, or remote work may also be considered. This is an exciting and rare opportunity to join a well-capitalized startup on the ground floor and help drive our success.
KEY RESPONSIBILITIES:
Ensure that our Information Security Program meets all industry regulations, standards, and compliance requirements.
Create a metrics framework that can effectively measure and communicate the impact of the program.
Conduct regular information security program activities including risk assessment, BCP/DR exercises, internal reviews and audits, asset management exercises, etc.
Respond to information security diligence requests
Support annual PCI compliance SAQ requirements
Liaison SOC2 audit requirements
Conduct evaluations of technology procedures and processes to assess effectiveness of controls as well as to ensure alignment with business objectives and security requirements.
Will work closely with members of the technology, operational and compliance teams as it relates to the assessment of new and evolving threats, as well as emerging and core technologies that support key processes.
REQUIREMENTS:
Broad experience and a strong understanding of security concepts.
Ability to communicate complex messages in a simple, clear and concise manner within the organization
Experience with information security management programs and their various components
Ability to write and document findings in a clear and concise manner that allows for risk prioritization
Familiarity and ability to use technology based tools such as JIRA/Confluence, Sisense, etc.
Comfort and ability to present to senior management
Must be able to demonstrate business, technical and industry knowledge while assessing business risks, identifying key controls, and performing risk-based testing of technology controls.
Familiarity with PCI and SOC 2 requirements, and FFIEC cybersecurity guidance.
NICE-TO-HAVES:
Personal interest in the financial services and/or fintech space
SQL query writer
BENEFITS:
Competitive salary and benefits package, including material equity grant
Casual dress policy
Fun, fast-paced work environment
Dynamic start-up culture
Ability to make an immediate impact in a growth stage company
Convenient downtown Chicago office located in the heart of the city
Equal opportunity employer