Cyber Risk Management Lead - Hybrid

Irving, Texas, United States · New York, New York, United States

Octane

Octane offers instant financing to fuel your lifestyle. Get instant finance offers with no impact to your credit.


Octane® is revolutionizing recreational purchases by delivering a seamless, end-to-end digital buying experience. We connect people with their passions by combining cutting-edge technology and innovative risk strategies to make lifestyle purchases - like powersports vehicles, RVs, and OPE - fast, easy, and accessible.

Octane adds value throughout the customer journey: inspiring enthusiasts with our editorial brands, including Cycle World® and UTV Driver®, instantly prequalifying consumers for financing online, routing customers to dealerships for an easy closing, and supporting customers throughout their loan with superior loan servicing.

Founded in 2014, we’re a company with 550+ employees and over 30 OEM and 4,000 dealer partners.

Octane is seeking a Cyber Risk Management Lead to work hybrid in our Irving, Texas or NYC location. This person is a highly experienced professional who will design, coordinate, and execute day-to-day activities related to cybersecurity, risk control, and compliance across multiple domains, including product governance, information security strategy, cloud and third-party management, data governance, and regulatory compliance. This role will assess processes, risks, and controls, utilizing industry-leading frameworks (NIST CSF, COSO, ISO 27001) to ensure a robust security posture and compliance baseline.

The ideal candidate will conduct and facilitate audits (e.g., SOC2 Type 2, SOX), oversee third-party and vendor governance, and collaborate with senior management to design and implement sustainable risk and control frameworks. This includes driving innovation in IT risk, control, and compliance operating models while staying informed on industry trends and best practices.

Responsibilities:

  • Design, coordinate, and execute the day-to-day activities related to cybersecurity, risk control, and compliance in the following areas: product and application governance, information security strategy and governance, business continuity and disaster recovery, cloud and third parties, data governance, general IT controls, application controls, and regulatory/compliance requirements
  • Review Engineering and IT processes, risk, vendors, controls, and compliance against leading practice, industry, or regulatory guidance. Assess capability maturity, identify gaps in design and operations, and communicate issues and recommendations to senior management
  • Use frameworks such as NIST CSF, COSO, and ISO 27001 to ensure adequate security baseline across the organization
  • Facilitate audits from 3rd party partners and certifying bodies such as SOC2 Type 2 and SOX
  • Conduct audits of 3rd party partners and vendors to assure security, governance, and compliance
  • Working with senior management, assess, design, and implement Engineering and IT risk and control frameworks, sustainable solutions (including applying knowledge of governance, risk, and compliance tools), operating processes and people models to address key and evolving risks, as necessary
  • Keep current with competitors and the wider marketplace to understand and innovate related IT risk, control, compliance, and audit operating models, capabilities, and solutions

Requirements:

  • A minimum of 10 years of experience working within Engineering and IT risk, product security/compliance, internal audit, or IT compliance function as an internal employee or as part of a professional services firm
  • Master's/Bachelor's degree in an appropriate/relevant field from an accredited college/university
  • Relevant certifications from ISC2, ISACA or SANS
  • Proficiency in core requirements and methodologies for SOX and SSAE 18 SOC2 internal control programs
  • Experience with IT risk management operating models, three lines-of-defense frameworks, integrated risk management practices, and/or risk intelligence capabilities
  • Proficiency in executing projects in accordance with leading practice project management principles
  • Strong leadership and communication skills, technical knowledge, and the ability to write at a publication-quality level to communicate findings and recommendations to clients and the senior management team

Compensation

The role described above offers a base salary of $155,000 to $195,000. Your offer will be based on the alignment of your qualifications with the requirements of the job, location and internal equity. In addition to the above-mentioned salary, Total Rewards include a stock option package and benefits as outlined below.

Benefits

  • Robust Health Care Plans (Medical, Dental & Vision)
  • Generous Parental Leave
  • Up to 5 weeks time off (self-managed)
  • Retirement Plan (401k) with company match!
  • Educational Assistance/Tuition Reimbursement up to $3K/year 
  • Life Insurance (Basic, Voluntary & AD&D)
  • Short Term / Long Term Disability
  • Robust Ancillary benefits including accident insurance, hospital insurance, etc
  • Wellhub (Gympass) Wellness Benefit
  • Powersports Safety Benefit

Octane Lending is an equal opportunity employer committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or any other protected status with respect to recruitment, hiring, promotion and other terms and conditions of employment.


Tags: Audits Cloud Compliance Governance ISACA ISO 27001 NIST Product security Risk management SANS Security strategy SOC 2 SOX Strategy

Perks/benefits: 401(k) matching Equity / stock options Fitness / gym Health care Insurance Medical leave Parental leave Wellness

Region: North America
Country: United States
