Governance, Risk, and Compliance Leader

  • SoFi
  • San Francisco, CA, USA
  • Sep 20, 2018
Full time · Compliance · Information Technology · Risk

Job Description

SoFi is seeking an experienced leader to assist in all aspects of our governance, risk and compliance program. This role will report to the Director of Information Security and work with cross-functional teams and external parties to support compliance, risk management and business development activities.

At SoFi, you’ll become part of a new kind of finance company built around speed, transparency, and alignment with our members’ interests. Our goal is to be at the center of our members’ financial lives. We created student loan refinancing, addressing the biggest financial challenge of a new generation through a modern approach to lending and personal finance. We expanded into other types of loans, and then into insurance and wealth management with similarly inventive products, and will soon launch SoFi Money, a modern take on a checking or savings account. As the company has grown, we’ve been able to help more people with these tools. SoFi has achieved significant growth, with ambitious plans ahead, but to continue this growth we need great talent.

Responsibilities

  • Manage and own major GRC-focused initiatives from beginning to end with minimal supervision
  • Assess and track compliance with regulatory, legal and contractual requirements relevant to the SoFi business, such as GLBA, FINRA, NYDFS and the Colorado Security Act
  • Perform vendor security and privacy due diligence
  • Coordinate third-party audits of SoFi, including SOC 2 and PCI audits
  • Drive privacy and information security training and awareness
  • Manage privacy incident response and coordinate remediation activities
  • Maintain information security and privacy policies
  • Advise business areas on planning vendor solutions for managing information security risk
  • Lead the escalation and resolution of risk and compliance issues with the appropriate leadership, including business, security, privacy, legal, compliance and IT teams
  • Be metrics-driven: understand, develop and deliver meaningful dashboards and reports to a wide audience, demonstrating the program's current state and its adherence to frameworks and standards
  • Work closely with the GRC Director on overall program rollout and provide risk-based operational metrics and management support

Minimum qualifications

  • BS degree in Computer Information Systems or related field
  • 5+ years of experience in compliance, privacy and/or security risk management
  • Strong leadership skills
  • Experience with business continuity planning and testing, as well as third-party security management
  • Familiarity with U.S. privacy regulations, SSAE 18 SOC 1/SOC 2 reports and standards such as NIST and PCI
  • Familiarity with GRC tools
  • Self-starter with strong interpersonal and communication skills
  • Demonstrated ability to assimilate new knowledge quickly
  • Comfortable working in a fast-paced, dynamic environment

Preferred qualifications

  • MS in Management or MBA desired
  • Big 4, or management/IT consulting experience
  • Practical experience implementing GRC
  • Experience with vendor risk management
  • CISSP, CISM, CISA, CIPP or similar certifications
  • Experience leading security or privacy training courses

Benefits

  • Subsidized lunches, a fully stocked kitchen, and subsidized gym membership.
  • Competitive salary packages and bonuses.
  • A flexible vacation policy allows you to truly relax and reboot.
  • Comprehensive health, vision, dental, and life insurance as well as disability benefits.
  • 100% of health, vision, and dental premiums paid by SoFi for employees and their dependents.
  • 401(k) and education on retirement planning.
  • Tuition reimbursement on approved programs, up to $5,250 a year.
  • Monthly contribution to help you pay off your student loans.