Security Compliance Program Manager
San Francisco, CA, USA
Posted on Saturday, October 15, 2022
Move money. Make money. Finix processes billions of dollars every year for leading SaaS, marketplace, and e-commerce platforms. With one developer-friendly API, Finix helps companies accept payments, manage payouts, and onboard merchants—everything you need to enable payment processing, and grow revenue.
Finix has raised over $100M from American Express Ventures, Bain Capital Ventures, Homebrew, Inspired Capital, Lightspeed Venture Partners, Sequoia Capital, Visa, and others.
About the role
The Compliance & Security team manages the corporate Compliance, Security, and Risk functions within Finix. We create, administer, monitor, and test the programs required by regulators, Card Brand and NACHA rules, processor and banking partners, and clients. We determine the applicability of a ruleset to our organization (PCI, SOC, Card Brand rules, AML requirements, etc.), define the “what” we have to do, work with the control owners to define and build the “how” we do it, and ensure our compliance against those requirements is defensible when challenged.
The Security Compliance Program Manager is responsible for preparing for and managing all aspects of internal and external audits of our Corporate Information Security program, including remediation & tracking.
Finix is looking for a team member to join the Compliance & Security team who can bring a proactive and strategic approach to managing security risk. This individual must have the ability to work cross-functionally between technical and operations staff, drive improvements in Application Security, represent Finix’s commitment to Security in internal and external audits, and build a solid security audit management framework that will scale as Finix grows.
- Own the PCI and SOC certifications/audits from pre-planning through audit and remediation
- Be an Information Security expert liaising between technical and non-technical teams to ensure controls are adequately defined and sufficient to meet requirements
- Develop and execute quarterly internal risk self-assessments/mini-audits (and ensure remediation, if required) of key controls in areas of PCI, SOC, ISO, and InfoSec compliance to be ahead of any potential risk or gaps in our security program
- Complete security and risk reviews of all new features/products/services to ensure they meet the requirements of the Corporate InfoSec program
- Proactive and enthusiastic about building an Information Security audit management program
- Able to talk to technical and non-technical teams, translating complex concepts between the two and ensuring alignment between them
- Keenly attuned to details, ensuring nothing is overlooked when it comes to protecting our information and representing this to auditors
- Organized and able to manage multiple projects simultaneously, against deadlines and within budget
- Confident in your abilities but eager to learn and expand your knowledge
- Payments experience
- An aptitude for digging deep into Information Security requirements
- 3-5 years of experience in PCI, SOC, security audits or equivalent assessments; may be client-side, servicer, assessor or industry consultant
- A talent for analyzing requirements of Information Security frameworks, particularly as they relate to the payment industry, and crafting solutions for adherence
- Knowledge of cloud computing and the nuances of managing in an AWS/Microsoft/Google cloud vs. traditional on-premises data centers
- Industry certifications (CRISC, CTPRP, SSCP, CISSP, CISA, CISM) that demonstrate your desire to be the best at what you do
Finix is an equal opportunity employer and values diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or any other protected class.
Role: Security & Compliance Program Manager
Location: San Francisco, CA
Base Salary Range: $140,00/yr to $170,000/yr + equity + benefits
Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries at our headquarters in San Francisco, California. Individual pay is determined by work location, job-related skills, experience, and relevant education or training.