Senior Information Security GRC Analyst
Company: Branch
Location: USA
Type: Full Time
Job Description
Branch is on a mission to help working Americans grow financially. We do this by helping companies accelerate payments and empower working Americans with accessible, fee-free financial services. We’re committed to building and delivering more inclusive and transparent financial products.
Come join our team as we develop new ways to improve the lives of working Americans. Our mission starts with empowering our own employees. Have a great idea? Share it today and it might just get implemented tomorrow. As a team member at Branch, your voice and creativity can directly impact the product and company. We not only attract great talent from across the country but also build teams to help that talent thrive. That means valuing a diversity of opinions and working styles while creating a shared belief in innovation, initiative and winning together.
Branch is seeking an experienced Security Governance, Risk and Compliance (GRC) professional to join our team. This position will work in all aspects of GRC, so broad knowledge is preferred across multiple frameworks and related policy and procedure lifecycle management. The ideal candidate will have a background in managing relationships with internal stakeholders (C-Suite, Risk and Legal) and external partners (3rd party vendors, auditors, sub-processors), and in working closely with members of the Security team.
Responsibilities include, but are not limited to:
- Manage risk and vulnerability assessments, validation testing, compliance reviews and audits in accordance with the frameworks (SOC 2, ISO 27001, PCI, NIST, CCPA) implemented by Branch
- Experience implementing new frameworks and integrating into existing audit cycles
- Manage Branch’s Drata GRC platform
- Ensure information is up to date and automated collections are working appropriately
- Ensure that Audit evidence is collected and validated
- Manage access to and keep information up to date for Branch’s Security Trust Center
- Inform the proper stakeholders of important concerns, hazards and Risk to the organization
- Work together with other stakeholders to link our corporate IT procurement and privacy departments with GRC objectives
- Maintain up-to-date knowledge of procedures and methods that serve to broaden team knowledge and industry expertise
- Manage security standards, policies and practices on an annual basis to make sure they meet corporate demands
- Assist the department in responding to inquiries from the business units about ongoing operational compliance
- Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements
- Manage the 3rd Party Vendor Management process
- Partner with the Risk and Legal teams to share information and seek out areas for improvement to reduce Risk throughout the company
Qualifications:
- 5-7 years of experience in a similar role
- 3+ years of expertise conducting ISO 27001 and SOC 2 audits as well as handling audit responses
- Excellent communication skills
- Oral and written communication to an audience of employees as well as to the leadership team is necessary
- Knowledge of GRC tool techniques and best practices (Drata, HyperProof, AuditBoard)
- Solid ethics and core values - Situations sometimes require discretion and may be of a confidential or sensitive nature
- Familiarity with security and compliance requirements for SOC 2, PCI, NIST CSF, ISO 27001, CCPA
- CISA, CISM or are working toward certification
Compensation: The base compensation range for this role is 155-165k. The salary range displayed reflects an average base salary range for the position across all the US. The base salary offered to an applicant could be higher or lower based on each applicant's specific skill set, depth of experience, relevant education or training, etc. The base salary range listed excludes commission/bonus/equity or benefits.
Benefits:
- Remote-first work culture (domestic USA)
- Branch-paid medical, dental and vision insurance
- Equity
- 401k
- Flexible time off
- Paid company holidays
- Paid parental leave (eligible after 6 months of employment)
Working At Branch
Branch is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status or disability status.
A remote-first company with employees located all throughout the US, Branch emphasizes transparency, accountability and trust to create a collaborative environment where our product, engineering, marketing, customer support, customer success and sales teams can all thrive together.
Our teamwork has enabled us to become an award-winning fintech company, with Branch’s innovation and workplace recognized across industries. Branch has been honored by the Webby Awards, Benzinga Fintech Awards, Fintech Breakthrough Awards, Top Workplaces USA, Great Places to Work and EY Entrepreneur of the Year Heartland, among others.
Learn more about our culture, approach, technology and people here: https://www.branchapp.com/about
Must be currently authorized to work in the USA without sponsorship or transfer. No 3rd-parties please.
Date Posted: 07/07/2024