Employee Applicant Privacy Notice
Who we are:
Shape a brighter financial future with us.
Together with our members, we're changing the way people think about and interact with personal finance.
We're a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals.
The industry is going through an unprecedented transformation, and we're at the forefront. We're proud to come to work every day knowing that what we do has a direct impact on people's lives, with our core values guiding us every step of the way.
Join us to invest in yourself, your career, and the financial world.
The role:
As the IT & Cyber Senior Analyst for Control Monitoring & Testing, you will play a pivotal role in defining and supporting the company's second line of defense (2LOD) risk management activities across technology risk functions at SoFi.
This role focuses on performing regular-cadence and targeted control testing within technology and cybersecurity environments, specifically AWS cloud platforms.
The position requires fundamental experience in developing and executing control tests to assess the design and operational effectiveness of controls.
Key responsibilities include consolidating control testing results, assisting in the development of reporting mechanisms for senior management, and supporting the implementation of control enhancements based on testing outcomes.
The role involves evaluating various aspects of the technology and cybersecurity risk environment, including access controls and security monitoring.
Familiarity with AWS solutions and basic knowledge of CSPM and DSPM tools are beneficial. Strong collaboration skills are essential for working with cross-functional teams, while effective communication is required to present findings and contribute to improving risk management processes in a dynamic environment.
The ideal candidate will be knowledgeable and inquisitive about technology risk management, with a demonstrated track record of implementing best practices within established frameworks (e.g., NIST, UCF, SOC2, etc.). They will possess the skills and expertise necessary to assess critical AWS services in collaboration with operational owners, ensuring comprehensive and effective control testing.
Additionally, this role will be key in ensuring SoFi meets regulatory requirements by fostering and promoting best practices in technology risk assessment through evangelizing and collaborating with cross-functional stakeholders.
Strong partnership skills, excellent communication and collaboration abilities, and the ability to deliver programs that improve SoFi's overall technology risk posture will be key to success in this role.
This role is a rare opportunity to work with a growing and driven team at a fast-growing and innovative financial technology company.
What you'll do:
At SoFi, our ambition is to help our members achieve financial independence and reach their goals. We aim to be at the center of our members' financial lives, and to help every member get their money right.
You will be a part of the second line Technology Risk Management team, dedicated to driving risk management around our foundational technology, with a specific focus on IT and AWS environments that provide the solutions supporting our mission to help members achieve their financial ambitions.
Opportunities for success will include, but are not limited to, the following risk activities:
- Conduct targeted control testing to assess the design and operational effectiveness of controls within technology and cybersecurity environments.
- Document and report the results of control testing, developing a comprehensive reporting mechanism for presentation to the Board and relevant Committees.
- Utilize control testing results to drive enhancements in first-line controls, ensuring that identified gaps are addressed and controls are strengthened.
- Evaluate and test controls related to various aspects of the technology and cybersecurity risk environment, including access controls, network security, data protection, and endpoint security.
- Assess the effectiveness of security monitoring processes and incident response mechanisms to ensure they are adequately addressing threats and vulnerabilities.
- Review third-party risk management practices to ensure that external partners and vendors are compliant with SoFi's security requirements.
- Examine business continuity and disaster recovery plans to verify that they are robust and capable of managing potential disruptions effectively.
- Evaluate new product initiatives, including emerging technologies like AI, to ensure that associated risks are adequately managed and controls are implemented.
- Assess the adequacy of technology and cybersecurity policies, standards, and processes to ensure they remain effective and up-to-date in addressing current risks.
- Collaborate with other teams to drive continuous improvement in risk management practices and control implementation based on testing findings and emerging risks.
What you'll need:
5-8 years of relevant experience in First Line or Second Line roles within technology risk management, technology risk consulting, or related fields.
Exposure to AWS platforms and financial frameworks such as FFIEC, NIST, ISO, COBIT, and/or PCI is beneficial.
- A Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field, or equivalent technical experience in AWS cloud infrastructure and supporting services.
- 2-4 years of experience in technology risk governance, including some exposure to compliance, technology risk management, and internal or external audits.
- 1-3 years of experience in the assessment of an AWS environment to support security, risk mitigation efforts, or regulatory compliance.
- Experience in risk assessment and process evaluation, with a focus on developing process flows and applying them to cloud-native (AWS) platforms.
- The ability to work collaboratively with cross-functional teams, building and maintaining working relationships to support risk management and control implementation.
- Good verbal, written, and visual communication skills, with the ability to explain technology and security concepts to both technical and non-technical audiences.
Nice to have:
- Relevant industry certifications, for example, CRISC, AWS CCP, CCSK
- Experience with technology risk assessment programs and standards in an AWS environment, with similar capabilities in Azure or Google cloud platforms.
- Prior experience with control testing
- Ability to drive innovation and new practices
- Experience working in Google Docs, Sheets and Slides
Compensation and Benefits
The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate's experience, skills, and location.
To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page!
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.
The Company hires the best qualified candidate for the job, without regard to protected characteristics.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
New York applicants: Notice of Employee Rights
SoFi is committed to embracing diversity. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities.
If you need accommodations to participate in the job application or interview process, please let your recruiter know or email [email protected].
Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.
Internal Employees
If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.