Cybersecurity Risk Director, First Line of Defense

Shape a brighter financial future with us.
Together with our members, we're changing the way people think about and interact with personal finance.
We're a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we're at the forefront. We're proud to come to work every day knowing that what we do has a direct impact on people's lives, with our core values guiding us every step of the way.

The Director of SoFi's Cyber Risk Management will be responsible for the development and implementation of SoFi's first line of defense (1LOD) cyber risk control function. This role will be responsible for developing a team with the skills to implement, monitor, and ensure the effectiveness of cyber controls across a wide range of technologies.
As a member of the first line of defense (1LOD), the Cyber Risk Director is responsible for the design, development, and execution of the first line's control framework and risk environment. This includes the creation and ongoing evaluation of the policies, standards and procedures that define the 1LOD program as well as the continuous monitoring to ensure controls are designed and operating effectively. The Director will partner and collaborate with other 1LOD areas and the second line of defense (2LOD) to ensure all controls, reviews, corrective action plans, documentation, and reports comply with operational, regulatory, and company guidelines, policies, and procedures. The Director will also work closely with the 2LOD on credible challenges and ensuring adherence with 2LOD policies.

• Develop and maintain a risk-based cyber control program to design, implement, and monitor the effectiveness of key controls across the enterprise.
• Create and enforce methodologies and requirements to be deployed across the 1LOD.
• Develop, implement, and maintain cybersecurity policies, standards, and procedures.
• Establish the strategic plan for the development and implementation of the 1LOD control environment and its technical evaluation.
• Manage the TPRM program to ensure vendor compliance with cybersecurity standards.
• Prepare and deliver clear, concise, and actionable reporting to senior leadership and governance committees.
• Develop and deliver cybersecurity training programs.
• Work closely with senior leadership across the enterprise, within all three lines of defense, to support the continued maturation of the control environment.
• Lead a team responsible for executing the risk-based control implementation and monitoring program.
• Proactively identify and work with the Cyber Compliance team to implement control automation, validation strategy and analytics.
• Own the design, development, and testing of information systems, such as GRC software.
• Own the cyber risk management process, including the RCSA, ensuring that risks are identified, assessed, and mitigated appropriately within the cybersecurity framework.

• Bachelor's degree
• 12+ years of relevant technology ownership, operational risk management, regulatory, examination, or internal audit experience
• Strong understanding of control frameworks, implementation methodologies, and risk assessments
• Highly effective interpersonal and communication skills and proven ability to positively influence all levels of personnel, including senior leadership
• Strong understanding of risk governance and first line of defense processes used to manage front line business unit risk management processes
• Wide breadth of knowledge regarding primary risks associated with the products and services SoFi offers
• Experience leading and developing team members
• Experience in banking and/or fintech industry, including regulatory experience
• Proven success building and implementing control programs to evaluate the design adequacy and effectiveness of key controls
• Exceptional data visualization skills
• Knowledge of cloud controls and cloud controls frameworks.
• Self-motivated with strong collaboration and influencing skills
• Ability to work under pressure, manage multiple tasks and competing priorities, meet deadlines, and adapt to change; comfortable dealing with ambiguity and uncertainty
• Excellent critical and creative thinking, decision-making, and innovative problem-solving skills

• Advanced degree; relevant industry certifications, for example, CISSP, CCSK, CISA
• Ability to drive innovation and new practices
• Experience interacting with regulators (Federal Reserve, OCC, CFPB)

The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate's experience, skills, and location.
To view all of our comprehensive and competitive benefits, visit our page!
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.
The Company hires the best qualified candidate for the job, without regard to protected characteristics.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
New York applicants: Notice of Employee Rights
SoFi is committed to embracing diversity. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email [email protected].
Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.

If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.