Security Risk Manager

Intuit Credit Karma · Charlotte, NC

Type

Full Time

Job Description

Credit Karma is a mission-driven company, focused on championing financial progress for our more than 110 million members in the U.S., Canada and U.K. While we're best known for pioneering free credit scores, our members turn to us for tips as they work on their financial goals, including monitoring their credit, identity monitoring, searching for credit cards, shopping for loans (car, home and personal), and growing their savings* -- all for free. Credit Karma has grown significantly through the years: we've added more than 70 million members in the last five years alone and now have more than 1,100 employees across our offices in Oakland, Charlotte, Los Angeles and London.

*Banking services provided by MVB Bank, Inc., Member FDIC

Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility.

Credit Karma is looking to hire a Manager to join our Security Governance, Risk & Compliance team [Security GRC]. This role will lead the Security Assurance services within GRC, focused on evaluating technology controls, supporting assessments for the company's certification programs and acting as an overall security compliance subject matter expert to the business. This role will work with the business at all organizational layers, so it will be important to demonstrate flexibility in approach, communication style and depth of understanding. The candidate must be comfortable working in a very fast-paced and constantly changing environment. This position reports directly to the Director, Security GRC.

What you'll do:
  • Support certification programs and assessments, such as: ISO 27001, SOC, PCI, in close collaboration with audit teams. Hands-on experience leading or working on these programs, including performing gap and readiness assessments, is required. 
  • Review and support maturity updates to our existing information security policies and procedures
  • Own Security controls testing program execution including planning, coordination with process owners and stakeholder communication.
  • Advise process/control owners with the preparation and on-going maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices)
  • Own BCDR compliance program including planning, coordination with process owners, facilitating BIAs, plan reviews, test exercises and stakeholder communication.
  • Proactively identify gaps or improvement opportunities in existing GRC processes and work to develop solutions to enable maturation, through automation or other mechanisms.
  • Assist with and drive remediation of control deficiencies and gaps identified internally and externally
  • Evaluate and advise on new and evolving certification programs and technology.
  • Support Tier 1 Security risk assessment process 
  • Partner with other leaders within Security to collaborate and support both process maturity and staff development.
What we’re looking for:
  • 8+ years of experience in GRC, security assurance or information security risk management fields
  • Experience implementing or building certification programs such as ISO 27k, SOC etc. 
  • Strong knowledge of PCI DSS certification and attestation requirements 
  • Experience working on BCDR compliance initiatives including performing BIAs and facilitating test exercises 
  • Knowledge of Cybersecurity Frameworks such as NIST (800-53, CSF, 800-171), CIS etc.
What we’d like to see:
  • Bachelor's or Master's degree with proficiency in Computer Science, Management Information Systems or relevant technical field experience in a security domain
  • Industry recognized certifications such as CISSP, CCSP, CISM, CRISC, CCSK
  • Fintech, tech, financial services or consulting work history
  • Knowledge of, or experience working with, cloud-services environments (GCP, AWS, etc.)
  • Strong project management skills, with a track record of having delivered on complex initiatives in a fast-moving environment
What’s great about the role:
  • Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
  • Solving security problems at scale in a highly technology-focused team, with a culture of “how to do this safely”, not a culture of “no”.
  • Spending way less time convincing anyone why security is important and way more time talking about how to manage risk effectively - the importance of security is woven into our DNA already!
Benefits at Credit Karma include:
  • Medical and Dental Coverage
  • Retirement Plan
  • Commuter Benefits
  • Wellness perks
  • Paid Time Off (Vacation, Sick, Baby Bonding, Cultural Observance, & More)
  • Education Perks
  • Paid Gift Week in December

Pay Transparency Notice: Credit Karma’s mission of championing financial progress for all starts from within. That’s why we implemented role-based compensation, which ensures people who are in the same role receive the same pay with variations for geographic location only. It’s all part of a more comprehensive DEI strategy that helps level the playing field. The base salary range for this role is $193,715 to $207,000 plus equity and benefits.

Equal Employment Opportunity:

Credit Karma is proud to be an Equal Employment Opportunity Employer. We welcome all candidates without regard to race, color, religion, age, marital status, sex (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity or gender expression, national origin, veteran or military status, disability (physical or mental), genetic information or other protected characteristic. We prohibit discrimination of any kind and operate in compliance with applicable fair chance laws. 

Credit Karma is also committed to a diverse and inclusive work environment because it is the right thing to do. We believe that such an environment advances long-term professional growth, creates a robust business, and supports our mission of championing financial progress for everyone. We offer generous benefits and perks with a single eye to nourishing an inclusive environment that recognizes the contributions of all and fosters diversity by supporting our internal Employee Resource Groups. We’ve worked hard to build an intensely collaborative and creative environment, a diverse and inclusive employee culture, and the opportunity for professional growth. As part of the Credit Karma team, your voice will be heard, your contributions will matter, and your unique background and experiences will be celebrated.

Please contact [email protected] if you are interested in employment with Credit Karma and need special assistance or an accommodation to either apply or interview for a specific role.

Privacy Policies:

Credit Karma is strongly committed to protecting personal data. Please take a look below to review our privacy policies:

  • GDPR Privacy Policy
  • U.S. Job Applicant Privacy Notice

Date Posted

05/03/2023
