Cyber Governance and Education Manager R12615

ABOUT OPORTUN

Oportun (Nasdaq: OPRT) is a mission-driven fintech that puts its 2.0 million members' financial goals within reach. With intelligent borrowing, savings, and budgeting capabilities, Oportun empowers members with the confidence to build a better financial future. Since inception, Oportun has provided more than $16.6 billion in responsible and affordable credit, saved its members more than $2.4 billion in interest and fees, and helped its members save an average of more than $1,800 annually. Oportun has been certified as a Community Development Financial Institution (CDFI) since 2009.

WORKING AT OPORTUN

Working at Oportun means enjoying a differentiated experience of being part of a team that fosters a diverse, equitable and inclusive culture where we all feel a sense of belonging and are encouraged to share our perspectives. This inclusive culture is directly connected to our organization's performance and ability to fulfill our mission of delivering affordable credit to those left out of the financial mainstream. We celebrate and nurture our inclusive culture through our employee resource groups.

Working at Oportun means enjoying a differentiated experience of being part of a team that fosters a diverse, equitable and inclusive culture where we all feel a sense of belonging and are encouraged to share our perspectives. This inclusive culture is directly connected to our organization's performance and ability to fulfill our mission of delivering affordable credit to those left out of the financial mainstream. We celebrate and nurture our inclusive culture through our employee resource groups and our Diversity, Equity, Inclusion and Belonging Council.

POSITION SUMMARY

The Security Policy Manager will have two principle responsibilities 1) management and maintenance of all policies, standards, and procedures related to technology and cyber security and 2) building security education materials and demonstrating workforce engagement related to best practices, emerging threats, and critical thinking to inoculate our workforce and assets against scams, attacks, and misuse.

This role is fully remote.

RESPONSIBILITIES

• Develop and maintain information security policies, standards, and procedures, in alignment with company requirements, making recommendations and driving changes as needed.
• Effectively facilitate discovery meetings with technical leads to understand documentation requirements about system processes/ procedures and translate technical information into well-organized and concise content.
• Maintain continual awareness of developments and incorporate industry best practices and regulatory guidelines including but not limited to FFIEC, NIST CSF 2.0, FTC, and PCI.
• Develop an intimate understanding of Oportun’s technology and security processes, tools, and specifics of homegrown systems.
• Review content to ensure that it is presented in an engaging manner with relevant industry examples and use cases while ensuring the quality, accuracy, and time to deliver.
• Proactively seek continuous improvement opportunities in process/policies/standards.
• Develop metrics and dashboards to track program effectiveness and maturity.
• Develop and maintain security education materials including annual awareness training program, secure developer training, and more informal learning opportunities upon request from various leaders.
• Ensure preservation of required compliance artifacts such as document approvals and participation in mandatory trainings.

REQUIREMENTS

• 7+ years of proven technical writing and data and technology governance management.
• Proficient in style guidelines for user interface and ability to enhance the overall user experience by providing clear and concise information.
• Excellent written and verbal communication skills, strong interpersonal skills and the ability to partner with developers, engineers, SMEs and cross-functional teams to translate technical concepts for all audiences.
• Highly motivated self-starter with a meticulous attention to detail and time management skills
• Demonstrated experience working with content management tools such as Sharepoint, Confluence, and standard MS Office tools (e.g., Word, Excel, PowerPoint)
• Ability to learn complex concepts quickly and explain them clearly to end users and technical audiences.
• Familiarity with IT/ security control frameworks (e.g. SOC 2, NIST CSF 2.0, PCI 4.0+, FFIEC CAT), and relevant professional standards and regulations.
• Experience with common GRC solutions
• BA/BS degree in Computer Science or a related field, or relevant professional experience.

The US base salary range for this full-time position is $ 111,200 - $ 177,900.

Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects a national minimum and maximum range for new hire salaries for this position. Within this range, individual pay is determined by work location and additional factors, such as job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range that meets your criteria during the hiring process.

Please note that the compensation range listed in this posting reflects only the base salary for this position and does not include other compensation elements or benefits.

#LI-REMOTE

#LI-RR1

We are proud to be an Equal Opportunity Employer and consider all qualified applicants for employment opportunities without regard to race, age, color, religion, gender, national origin, disability, sexual orientation, veteran status or any other category protected by the laws or regulations in the locations where we operate.

California applicants can find a copy of Oportun's CCPA Notice here:  https://oportun.com/privacy/california-privacy-notice/.

We will never request personal identifiable information (bank, credit card, etc.) before you are hired. We do not charge you for pre-employment fees such as background checks, training, or equipment. If you think you have been a victim of fraud by someone posing as us, please report your experience to the FBI’s Internet Crime Complaint Center (IC3).