Staff Security GRC Lead

Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility.

We are seeking a skilled and experienced Staff Security GRC (Governance, Risk and Compliance) Analyst to join our dynamic team. The successful candidate will play a crucial role in identifying key initiatives based on the organization’s GRC strategy, industry best practices and emerging trends. Additionally, this role will directly support the Director of Security GRC with strategy and roadmap development, and act as a GRC domain advisor to the business.

What you’ll do:

• Lead and manage enterprise-level GRC projects from initiation to completion, ensuring timely delivery and adherence to project objectives, timelines and budgets.
• Proactively identify gaps or improvement opportunities in existing GRC processes. Develop and implement frameworks and solutions to enable process maturation, leveraging automation or other mechanisms. 
• Conduct technical security reviews and risk assessments. 
• Provide technical guidance and oversight to the GRC team, to ensure effective identification, assessment and mitigation of security risks across the third-party ecosystem, including vendors, partners and cloud service providers.
• Represent the security organization in discussions and negotiations with third-party entities, effectively communicating our security posture to external stakeholders. 
• Engage with third-parties, to provide guidance in understanding and adhering to CK’s security standards and requirements, advocating for the implementation of appropriate security controls.  
• Conduct security audits, assessments and gap analyses to identify areas of non-compliance. Develop and implement remediation plans to address gaps and deficiencies
• Prepare comprehensive reports and presentations to communicate GRC initiatives, risk assessments, security metrics and dashboards to senior management and relevant stakeholders 

What we’re looking for:

• 8+ years of experience in cybersecurity, risk management or GRC roles
• Proven experience in leading the design, implementation and management of enterprise-level GRC programs, with the ability to lead cross functional teams and manage multiple projects simultaneously
• Proficient in information security principles, risk management frameworks,  compliance regulations and industry best practices

What we’d like to see:

• Bachelor’s degree in Computer Science, Information Security or equivalent professional experience 
• Relevant industry certifications (e.g. CISSP, CISM, CRISC, CCSP)
• Knowledge of, or experience working with, cloud-services environment (GCP, AWS etc) and cloud security controls

What’s great about the role:

• Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
• Solving security problems at scale in a highly technology-focused team, with a culture of “how to do this safely”, not a culture of “no”.
• Spending way less time convincing anyone why security is important and way more time talking about how to manage risk effectively - the importance of security is woven into our DNA already!
• If you are a driven and experienced Security Risk professional with a passion for continuous improvement and a track record of successfully leading GRC initiatives, we encourage you to apply for this exciting opportunity. 

Benefits at Credit Karma include: 

• Medical and Dental Coverage
• Retirement Plan
• Commuter Benefits
• Wellness perks
• Paid Time Off (Vacation, Sick, Baby Bonding, Cultural Observance, & More)
• Education Perks
• Paid Gift Week in December

Last updated on May 31, 2024