It Audit Senior Risk Manager

The role:

As the Technology Audit Sr. Risk Manager, you will further define and support the company's second line risk management activities across technology risk functions at SoFi. This high-visibility role will require you to collaborate with cross-functional leaders across all lines of defense to drive technology risk decisions, innovations, and communicate them to senior executives and regulators. Additionally, you will play a key role in ensuring SoFi meets regulatory requirements by fostering and promoting best practices in technology risk assessment through evangelizing and collaborating with cross-functional stakeholders.
The ideal candidate for this role will have a deep understanding and curiosity of technology risk management and best practices, familiarity with a variety of frameworks (e.g. NIST, ISO, etc.), audit standards (IIA) and strong understanding of technology stack leveraged in cloud environments. Strong partnership skills, excellent communication and collaboration abilities, and the ability to deliver programs that improve SoFi's overall technology risk posture will be a key to success in this role. This role is a rare opportunity to work with a growing and driven team at a fast-growing and innovative financial technology company.

Outline the reason the job exists here. Document contributions of the role that contribute to the organization's overall mission.

What you'll do:

At SoFi, our ambition is to help our members achieve financial independence and reach their goals. We aim to be at the center of our members' financial lives, and to help every member get their money right. You will be a part of the second line Technology Risk Management team dedicated to driving risk management around our foundational technology which drives forward our mission to help members achieve their financial ambitions.

• Conduct comprehensive IT audits within banking environments, ensuring adherence to industry standards and regulations
• Document findings according to IIA (Institute of Internal Auditors) standards, providing actionable recommendations
• Collaborate with cross-functional teams to address audit issues and improve processes
• Help further define and lead SoFi's technology risk management vision and execution by driving risk assessment programs, building policies and procedures, and finding solutions for various technology related initiatives
• IT Risk Manager (Audit Assessment lead) - Banking IT Auditor
• Lead and oversee Bank IT audits, managing a team of auditors to ensure thorough assessments and compliance
• Develop audit strategies, review workpapers, and provide guidance on complex IT audit issues
• Communicate audit results to senior management, driving continuous improvement in IT controls and processes
• Partner with key stakeholders across the organization to implement processes that drive down residual risk and improve the overall technology risk posture, working closely with engineering and technology operations teams to establish infrastructure and tooling that enable teams across SoFi to comply with requirements.
• Provide subject matter expertise in Technology Risk and serve as the main point of contact within the organization for technology risk assessment concepts
• Consume technology and security standards, technology processes, and associated control requirements to support operationalization and deployment

This section should include a full overview of the role including information from a job analysis: what does the individual actually do on a daily basis and what tasks are performed regularly. What does the worksite or workstation look like? Is this a remote role or in office? Outline what essential functions are performed. What are the expectations and expected results for this role? Is overtime or extra-hours work often needed/required?

Be sure to use inclusive language, if you have questions, the TA Ops team can help! Make sure to avoid age-specific descriptions, gender-specific terms, mentions of race or religion, or verbiage about physical abilities (unless absolutely necessary to perform a role).

What you'll need:

• 10+ years of professional and relevant experience in Technology Audit Management and Technology Risk Consulting, including exposure with a Financial Technology - Framework (IIA, FFIEC, NIST, ISO, COBIT, PCI, etc.)
• Bachelors' Degrees in Computer Science, Systems Engineering, Information Technology or equivalent technical experience
• 6+ years of experience in technology risk governance; handling compliance, technology risk management, and/or internal/external audits.
• Strong risk assessment and process evaluation experience; developing and establishing process flows end-to-end
• Strong partnership capabilities and ability to build and foster strong cross-functional work relationships
• Excellent communication skills (verbal, written, and visual); ability to communicate technology and security concepts to both technical and non-technical partners

What experience and qualifications are required to perform well in this role? Please make sure to include only the required skills and experience. The next section will include preferred or "nice to haves".

Include 5-10 education, training, or experience requirements in this section for a well rounded job description. Be sure that each requirement is linked back to the role the individual will be performing on a daily basis. These qualifications should be non-negotiable.

Examples Include:

• Minimum Education Requirements such as: High School Diploma or Bachelor's Degree
• Minimum Experience Requirements such as: 1 year experience in a similar role. Be careful not to require more years than is necessary to gain the minimum qualifications.
• Knowledge of certain systems, policies, and procedures that are necessary to perform basic job functions right away.
• Language requirements if consistently partnering with teams that have a large client base with a foreign language.

Nice to have:

• Experience establishing technology risk assessment programs and standards
• Prior experience leading and completing end-to-end technology risk assessments
• Relevant industry certifications, for example, CISSP, CCSK, CISA; ability to drive innovation, new practices; experience interacting with regulators (Federal Reserve, OCC, CFPB)
• Experience working in Google Docs, Sheets and Slides