Head of Enterprise Security and GRC

Texas, Austin, TX, US


Are you ready to build the future of our company?

About Mercury® Financial

Mercury® Financial is an innovative and growing financial services company with locations in both Austin, TX and Wilmington, DE. Our mission is to help customers build and maintain their financial future by offering them credit cards they can afford and understand. After only a few years, we’ve had great success building a significant credit card program, but we are aiming higher, which means we have lots of challenging problems for you to help us solve. Come on board, work with some of the most talented individuals who thrive on collaboration and teamwork, and help us continue to build something special.

Location

Mercury® Financial is headquartered in the progressive and entrepreneurial tech hub of Austin, Texas. Our physical location is situated in a beautiful park-like setting called the Domain. The Domain's ideal location, exceptional amenities, amazing restaurant selection, and convenient parking are all perfect for after-work happy hours!

What it’s like to work here: 

We foster a collaborative and innovative culture where you will be empowered to do your best work. All of our employees bring everything they have to their job and are part of a larger team working towards a greater goal. We do right by our employees, our partners, and our customers.

What a day is like:

  • Risk Management: Identify, evaluate, and mitigate risks related to information security, privacy, and compliance
  • Compliance Monitoring: Ensure that the organization adheres to industry standards and government regulations
  • Policy Development: Develop and revise security policies, standards, and procedures. Improve security posture through process improvement, policy, automation, and the continuous evolution of capabilities
  • Audits and Assessments: Conduct internal and external audits (PCI-DSS) to assess the effectiveness of security controls and compliance programs. Work with cross-functional teams to mitigate risk within the SLA defined by company policy
  • Vendor Risk Management: Evaluate and manage risks associated with third-party vendors
  • Framework Implementation: Implement and monitor frameworks such as PCI-DSS, ISO 27001, GDPR, NIST, and SOX
  • Vulnerability Management: Oversee vulnerability scanning, penetration testing and patch management to proactively address emerging risks
  • Business Continuity and Disaster Recovery: Collaborate with technology and other departments to maintain BCP-DR plans
  • Reporting: Develop metrics and dashboards to report on the status of security and compliance efforts, control failures or gaps, and remediation activities.

You’re perfect for this role if you have: 

  • 10+ years’ experience in information security; and
  • 5+ years’ senior leadership experience at a financial services organization
  • Bachelor’s or master’s degree in Information Security, Computer Science, or a related field
  • Certifications: PCI-DSS (QSA), CISSP (nice to have: CISM, CRISC, and CISA), AWS Certification
  • Strong understanding of GRC tools, Security tools, regulatory frameworks, cloud environments and risk assessment methodologies.

Why you’ll like working here:

This isn’t a place where you will fill a seat and keep your head down. This is a place where everybody is expected to help build something. This is a place where you can be involved and lead in your areas of expertise. So, how much do you believe in yourself? If you believe in your skills, in your drive and determination, we’ll give you the resources and room to show the world what you can do. Here are just a few of the benefits we offer:

  • Employer insurance coverage for employee & dependents 
  • Life insurance 
  • 401K with generous employer match 
  • Wellness program
  • Monthly Company Events  
  • Hybrid Work Model


Mercury® Financial is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability.


Tags: Audits Automation AWS CISA CISM CISSP Cloud Compliance Computer Science CRISC GDPR ISO 27001 Monitoring NIST Pentesting Privacy Risk assessment Risk management SOX Vulnerability management

Perks/benefits: 401(k) matching Insurance Team events Wellness

Region: North America
Country: United States
